We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Need Help To Remove a Virus
Options
rammy007
Posts: 1,050 Forumite
in Techie Stuff
Hi all i think our computer has a virus i think its system security version 4.52 it seems to come up when i use google i click on a link but i get redirected to some thing else then this page pops up saying your computers infecfted go to system security to download and get rid of the viruses etc now ive scanned my computer with superantispyware malware-antimalware and spybot and they have not picked it up also scanned in safe mode still they never picked it up so i dont no what to do can anybody help us please
0
Comments
-
Download malwarebytes and do a scan with that.
http://www.malwarebytes.org/
Usually does a good job of getting rid of nasties.
Have a look at this thread as well
http://forums.moneysavingexpert.com/showthread.html?t=133269It's my problem, it's my problem
If I feel the need to hide
And it's my problem if I have no friends
And feel I want to die0 -
First of all download http://www.malwarebytes.org/ and run that. Might be sensible to rename the downloaded executable to something else, such as mbnew.exe.
Do a quick scan, followed by a FULL scan.0 -
After youve run a fulls can with malwarebytes and posted the log ~
reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see whats running
(do NOT do anything else with Hijack but scan and post the FULL log):idea:0 -
Just wondering if OP has an Antivirus program?That gum you like is coming back in style.0
-
Hi all im using panda av pro 2010 i will do another scan using malwarebytes then post log then do the same with HIJACK THIS get back to you later0
-
I got a similar virus when using panda 2009, no matter what I did I could not get rid of it, ended up doing a reinstall. Hope you manage to get it sorted.:pB&SC No. 298
Life`s Tragedy is that we get OLD too soon
and WISE too late!0 -
Malwarebytes' Anti-Malware 1.42
Database version: 3403
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
21/12/2009 23:55:43
mbam-log-2009-12-21 (23-55-43).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 642441
Time elapsed: 1 hour(s), 27 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 00:06:14, on 22/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (file missing)
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Mdoti] rundll32.exe "C:\WINDOWS\ivaxilexexe.dll",Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090729114115
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257200297890
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templates/btmailcontrol013.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol028.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Chris\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 13846 bytes0 -
First up, Pandas firewall is beyond useless (Possibly the reason your in trouble) ~
http://www.matousec.com/projects/proactive-security-challenge/results.php
As you use spybots 'tea timer' then its highly likely that you actually ALLOWED the virus through (In which case I question why bother having tea timer on at all)
TICK these in hijack and click to FIX them ~
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (file missing)
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (file missing)
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Mdoti] rundll32.exe "C:\WINDOW\ivaxilexexe.dll",Startup
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/temp...control028.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Chris\LOCALS~1\Temp\DX9\SessionLaunche r.exe (file missing)
The one in bold is definitely dodgy
...............................................................
Please run COMBOFIX
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download:idea:0 -
Hi aliEnRIK thanks for your help so far heres what combofix found
ComboFix 09-12-21.04 - Chris 22/12/2009 13:57:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.378 [GMT 0:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: Panda Antivirus Pro 2010 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Chris\Application Data\inst.exe
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc10.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc103.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc104.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc105.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc108.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc11.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc111.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc11C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc11D.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc12.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc124.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc12B.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc12E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc13.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc139.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc13C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc14.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc148.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc14E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc15.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc151.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc156.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc15E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc16.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc167.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc17.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc170.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc172.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc173.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc174.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc176.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc177.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc17E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc17F.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc180.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc182.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc18E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc18F.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc196.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc19A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc19C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1A0.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1AC.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1BC.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1C0.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1C4.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1C5.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1CF.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1DC.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1E0.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1F.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc1FB.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc210.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc213.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc21F.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc22.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc221.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc224.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc242.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc246.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc25B.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc26.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc264.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc269.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc26E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc27.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc27A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc27D.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc28.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc28D.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc28E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc29.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc294.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2A1.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2A2.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2AF.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2B.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2B6.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2B9.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2C3.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2D.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2D6.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2E0.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2E2.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2F.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2F9.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc30.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc301.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc31.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc314.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc32.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc320.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc32D.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc32F.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc33.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc354.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc357.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc364.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc379.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc37A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc38E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc39.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3A4.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3A6.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3AA.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3AF.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3B9.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3DB.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3F.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3FB.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc3FC.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc400.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc404.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc405.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc42.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc43.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc43C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc44.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc45C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc468.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc47.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc479.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc484.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc486.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc487.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc488.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc49.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc497.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4C1.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4C6.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4D.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4D3.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4DE.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4EF.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc4F.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc5.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc50.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc503.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc51.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc511.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc54.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc548.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc560.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc565.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc58C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc5A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc5A6.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc5B3.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc5E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc604.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc628.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc636.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc64A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc66C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc67.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc68.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc68D.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc693.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc6B3.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc6E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc6E1.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc7.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc70.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc709.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc70C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc70E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc71.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc711.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc72.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc73.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc74.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc75.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc784.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc7A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc7B.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc7C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc7E0.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc7E4.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc7F9.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc8.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc80.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc83C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc85.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc87.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc87E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc88.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc8C.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc8D.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc9.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc90E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc91.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc92.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc94.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc99.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc9F.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc9F2.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccA.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccA0.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccA4.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccA5.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccA6.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccA9A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccB.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccB1.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccB4.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccB6.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccB7.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccBB.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccBC6.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccBF.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccC.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccC5.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccC97.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccCE.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccD.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccD2.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccD4E.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccDB.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccE.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccE1.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccE9.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccED.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccF.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mccFA.tmp
c:\recycler\S-1-5-21-3021210722-2111303262-2287248673-1003
c:\windows\ivaxilexexe.dll
c:\windows\run.log0 -
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.
2009-12-21 16:20 . 2009-12-21 16:20
d
w- c:\program files\TrendMicro
2009-12-21 14:13 . 2009-12-22 12:56 0 ----a-w- c:\windows\Rduvoci.bin
2009-12-21 14:13 . 2009-12-21 21:55 120 ----a-w- c:\windows\Gwodeyilu.dat
2009-12-21 14:13 . 2009-12-21 14:13
d
w- c:\documents and settings\Chris\Local Settings\Application Data\{0A0E9DB1-DA2A-44B8-8949-CB39CB9D298B}
2009-12-20 13:24 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-20 11:17 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-20 11:14 . 2009-12-20 11:14
dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-20 11:14 . 2009-12-20 11:14
d
w- c:\program files\Lavasoft
2009-12-20 11:14 . 2009-12-20 11:14
d
w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-19 14:24 . 2009-12-19 14:24
d
w- c:\windows\system32\wbem\Repository
2009-12-01 17:52 . 2009-12-01 17:52
d
w- C:\Output
2009-12-01 17:41 . 2009-12-01 17:41
d
w- c:\documents and settings\Lisa\Application Data\Ahead
2009-12-01 17:06 . 2009-12-01 17:07
d
w- c:\documents and settings\Lisa\Local Settings\Application Data\Adobe
2009-12-01 16:59 . 2009-12-01 16:59
d
w- c:\documents and settings\All Users\Application Data\SlySoft
2009-12-01 16:06 . 2009-12-01 16:06
d
w- c:\documents and settings\Chris\Application Data\SlySoft
2009-12-01 15:58 . 2009-12-01 15:58
d
w- c:\program files\AviSynth 2.5
2009-12-01 15:32 . 2009-12-01 15:32
d
w- c:\program files\Conduit
2009-12-01 15:32 . 2009-12-01 15:32
d
w- c:\documents and settings\Chris\Local Settings\Application Data\Conduit
2009-12-01 15:32 . 2009-12-01 15:32
d
w- c:\documents and settings\Chris\Local Settings\Application Data\DVDVideoSoft
2009-12-01 12:36 . 2009-12-01 12:36
d
w- C:\ConverterOutput
2009-11-30 21:21 . 2009-11-30 21:21
d
w- c:\documents and settings\Lisa\Application Data\U3
2009-11-30 19:39 . 2009-11-30 19:39 84680 ----a-w- c:\documents and settings\Lisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-26 15:34 . 2009-11-26 15:34
d
w- c:\program files\iPod
2009-11-26 15:34 . 2009-11-26 15:35
d
w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-26 15:34 . 2009-11-26 15:35
d
w- c:\program files\iTunes
2009-11-26 15:32 . 2009-11-26 15:33
d
w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 14:16 . 2009-03-28 13:51
d
w- c:\documents and settings\Chris\Application Data\Skype
2009-12-22 14:15 . 2009-11-11 21:24 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-12-22 14:15 . 2009-11-11 21:24 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-12-22 14:10 . 2009-03-27 15:28 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-21 20:58 . 2009-11-11 21:24 284088 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-12-21 20:58 . 2009-11-11 21:24 284088 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-12-19 15:28 . 2009-05-10 20:59
d
w- c:\program files\SUPERAntiSpyware
2009-12-14 14:58 . 2009-03-27 13:54
d
w- c:\documents and settings\Chris\Application Data\Vso
2009-12-14 14:53 . 2009-05-18 13:05
d
w- c:\documents and settings\Lisa\Application Data\Apple Computer
2009-12-14 08:00 . 2009-05-12 06:50
d
w- c:\documents and settings\Chris\Application Data\U3
2009-12-04 16:29 . 2009-05-01 14:47
d
w- c:\program files\Malwarebytes' Anti-Malware
2009-12-03 16:14 . 2009-05-01 14:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-05-01 14:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 22:16 . 2009-05-10 21:18
d
w- c:\program files\Spybot - Search & Destroy
2009-12-01 19:55 . 2009-05-08 12:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-01 18:08 . 2009-03-27 16:20
d
w- c:\program files\SlySoft
2009-11-26 15:39 . 2009-04-20 19:12
d
w- c:\documents and settings\Chris\Application Data\Apple Computer
2009-11-26 15:34 . 2009-04-20 19:11
d
w- c:\program files\Common Files\Apple
2009-11-11 21:18 . 2009-11-11 21:18 250 ----a-w- c:\windows\system32\PavCPL.dat
2009-11-11 21:18 . 2009-11-11 21:17
d
w- c:\program files\Panda Security
2009-11-11 21:17 . 2009-11-11 20:26
d
w- c:\documents and settings\Chris\Application Data\Panda Security
2009-11-11 21:17 . 2009-11-11 20:26
d
w- c:\documents and settings\All Users\Application Data\Panda Security
2009-11-11 21:13 . 2009-11-11 20:26
d
w- c:\program files\Common Files\Panda Security
2009-11-11 20:26 . 2009-03-25 10:46
d--h--w- c:\program files\InstallShield Installation Information
2009-11-11 20:26 . 2009-11-11 16:38
d
w- c:\documents and settings\All Users\Application Data\Panda Security(2)
2009-11-03 20:55 . 2009-03-31 22:18 84680 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 14:51 . 2005-04-25 23:24 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-24 02:04 . 2009-03-27 16:06
d
w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-29 09:19 . 2009-09-29 09:19 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards