| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 96294 | 2009-01-05 18:36:00 | Best Anti-Virus Software??? | JA88 (14012) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 735356 | 2009-03-25 23:10:00 | sorry bout that speedy that was the size of the file ...lol... Ah ah, in that case, you're right :p ive also elected to download the hijackthis installer is that the right one? thanks :) Yup thats the one |
Speedy Gonzales (78) | ||
| 735357 | 2009-03-25 23:14:00 | righto speedy heres the log heck it was fast too!!! ...lol... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:11:43 PM, on 3/26/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [COMODO Registry Cleaner] "C:\Program Files\COMODO\Registry Cleaner\CRC.exe" O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop O15 - Trusted Zone: http://www.google.co.nz O15 - Trusted Zone: http://www.trademe.co.nz O15 - Trusted Zone: http://www.zonealarm.com O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - wimpro.cce.hp.com O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - cdn.scan.onecare.live.com O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - h20436.www2.hp.com O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - h20270.www2.hp.com O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com O17 - HKLM\System\CCS\Services\Tcpip\..\{A106E0E0-FA69-4236-A887-1EB03B73E4EF}: NameServer = 203.97.78.43 203.97.78.44 O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- End of file - 6461 bytes |
iammcb (14488) | ||
| 735358 | 2009-03-25 23:26:00 | Looks ok to me, but you can tick these entries then tick fix checked Close browsers These dont have to run on startup O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [COMODO Registry Cleaner] "C:\Program Files\COMODO\Registry Cleaner\CRC.exe" What have you unticked in msconfig? O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe What probs are you having?? |
Speedy Gonzales (78) | ||
| 735359 | 2009-03-25 23:43:00 | wahooo well that is good news isnt it...lol... well i havent been able to open msconfig, or msinfo, or sysedit (and im sure there are other ones too.) i get the message that windows cannot find (file name) Please make sure you typed the name correctly and then try again. to search for a file type the file name click the start button and then click search. However ive done a google search and changed the registry for msconfig so now i can get it today ...lol... what esle oh yeah dial up keeps disconnecting internet explore keeps closing and itunes wont install from cd and programs wont uninstall from add and remove programs. more good news now ive restarted the pc and trojan remover did a scan and that came back as no malicious entries were found no changes have been made :) winning!!!...lol... okay now i will delete the start up entries you suggested. btw trojan remover has added itself to start up too should i remove that as well? thanks again speedy do you know where i can post event viewer logs as well? theres more info in there about all the pc issues ive been having but its like reading japanese to me!!!...lol... |
iammcb (14488) | ||
| 735360 | 2009-03-25 23:47:00 | Hmm ok then select all options under utilities in trojan remover as well Post the event logs in here as well |
Speedy Gonzales (78) | ||
| 735361 | 2009-03-25 23:47:00 | oh yeah i down loaded windows onecare scanner but i think i want to unstall it because it said something about couldnt verify the windows logo??? then i read an article here about it not being very good anyway so yep im uninstalling that now:) |
iammcb (14488) | ||
| 735362 | 2009-03-25 23:49:00 | ok will do now:) | iammcb (14488) | ||
| 735363 | 2009-03-25 23:52:00 | ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.6.2570. For information, email support@simplysup.com [Unregistered version] Scan started at: 12:51:05 PM 26 Mar 2009 Using Database v7307 Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600] File System: NTFS UserData directory: C:\Documents and Settings\Marina\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Marina\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! Antivirus ************************************************** ********** ************************************************** ********** 12:51:05 PM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************** ********** 12:51:06 PM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [Explorer.exe] File: Explorer.exe C:\WINDOWS\Explorer.exe 1033728 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\WINDOWS\system32\userinit.exe,] File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 26112 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: Key value: [logonui.exe] File: logonui.exe C:\WINDOWS\system32\logonui.exe 514560 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: avast! Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 81000 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:08 AM Company: ALWIL Software -------------------- Value Name: MSConfig Value Data: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe 169984 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty ************************************************** ********** 12:51:06 PM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************** ********** 12:51:06 PM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************** ********** 12:51:06 PM: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. ************************************************** ********** 12:51:06 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6} Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub C:\WINDOWS\INF\wmp11.inf 2428 bytes Created: 8/25/2006 5:09 PM Modified: 8/25/2006 5:09 PM Company: [no info] ---------- ************************************************** ********** 12:51:07 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: AppMgmt %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found) -------------------- Key: HidServ %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found) -------------------- ************************************************** ********** 12:51:07 PM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AddFiltr ImagePath: "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe" C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe 126976 bytes Created: 3/15/2007 5:04 PM Modified: 6/12/2006 6:27 PM Company: Hewlett-Packard Development Company, L.P. ---------- Key: aswFsBlk ImagePath: system32\DRIVERS\aswFsBlk.sys C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 20560 bytes Created: 3/24/2009 5:24 PM Modified: 2/6/2009 10:07 AM Company: ALWIL Software ---------- Key: aswUpdSv ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 18752 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:01 AM Company: ALWIL Software ---------- Key: avast! Antivirus ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" C:\Program Files\Alwil Software\Avast4\ashServ.exe 138680 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:08 AM Company: ALWIL Software ---------- Key: avast! Mail Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 254040 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:08 AM Company: ALWIL Software ---------- Key: avast! Web Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 352920 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:06 AM Company: ALWIL Software ---------- Key: eabfiltr ImagePath: system32\DRIVERS\eabfiltr.sys C:\WINDOWS\system32\DRIVERS\eabfiltr.sys 7808 bytes Created: 3/15/2007 5:04 PM Modified: 9/19/2005 7:23 PM Company: Hewlett-Packard Development Company, L.P. ---------- Key: eabusb ImagePath: system32\DRIVERS\eabusb.sys C:\WINDOWS\system32\DRIVERS\eabusb.sys 5760 bytes Created: 3/15/2007 5:04 PM Modified: 9/19/2005 7:24 PM Company: Hewlett-Packard Development Company, L.P. ---------- Key: HBtnKey ImagePath: system32\DRIVERS\cpqbttn.sys C:\WINDOWS\system32\DRIVERS\cpqbttn.sys 9344 bytes Created: 3/15/2007 5:04 PM Modified: 4/28/2008 8:22 PM Company: Hewlett-Packard Development Company, L.P. ---------- Key: HdAudAddService ImagePath: system32\drivers\CHDAud.sys C:\WINDOWS\system32\drivers\CHDAud.sys 581632 bytes Created: 6/3/2006 11:02 AM Modified: 7/26/2006 10:44 PM Company: Conexant Systems Inc. ---------- Key: HSFHWAZL ImagePath: system32\DRIVERS\HSFHWAZL.sys C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 211456 bytes Created: 4/21/2006 12:02 PM Modified: 11/1/2007 8:25 AM Company: Conexant Systems, Inc. ---------- Key: ialm ImagePath: system32\DRIVERS\ialmnt5.sys C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1166972 bytes Created: 3/23/2006 4:47 PM Modified: 3/23/2006 4:47 PM Company: Intel Corporation ---------- Key: iaStor ImagePath: system32\DRIVERS\iaStor.sys C:\WINDOWS\system32\DRIVERS\iaStor.sys 874240 bytes Created: 10/13/2005 9:07 PM Modified: 10/14/2005 5:07 AM Company: Intel Corporation ---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 69632 bytes Created: 4/4/2005 12:41 AM Modified: 4/4/2005 12:41 AM Company: Macrovision Corporation ---------- Key: iPodService ImagePath: C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\iPod\bin\iPodService.exe 323584 bytes Created: 10/18/2005 11:58 AM Modified: 10/18/2005 11:58 AM Company: Apple Computer, Inc. ---------- Key: JavaQuickStarterService ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" C:\Program Files\Java\jre6\bin\jqs.exe 152984 bytes Created: 3/10/2009 9:04 AM Modified: 3/10/2009 9:04 AM Company: Sun Microsystems, Inc. ---------- Key: KMWDFILTER ImagePath: system32\DRIVERS\KMWDFILTER.sys C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys 17408 bytes Created: 10/9/2008 3:42 PM Modified: 10/9/2008 3:42 PM Company: Windows (R) Codename Longhorn DDK provider ---------- Key: Lavasoft Ad-Aware Service ImagePath: "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 951632 bytes Created: 1/19/2009 10:34 AM Modified: 3/10/2009 10:10 AM Company: Lavasoft ---------- Key: Lbd ImagePath: system32\DRIVERS\Lbd.sys C:\WINDOWS\system32\DRIVERS\Lbd.sys 64160 bytes Created: 3/10/2009 10:19 AM Modified: 3/10/2009 11:38 AM Company: Lavasoft AB ---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{0B291343-867D-4556-B889-F13674D89156} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation ---------- Key: SynTP ImagePath: system32\DRIVERS\SynTP.sys C:\WINDOWS\system32\DRIVERS\SynTP.sys 224672 bytes Created: 3/15/2007 4:40 PM Modified: 3/28/2008 1:14 AM Company: Synaptics, Inc. ---------- Key: UIUSys ImagePath: system32\DRIVERS\UIUSYS.SYS C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS - [file not found to scan] ---------- ************************************************** ********** 12:51:11 PM: Scanning -----VXD ENTRIES----- ************************************************** ********** 12:51:11 PM: Scanning ----- WINLOGON\NOTIFY DLLS ----- Key : igfxcui DLLName: igfxdev.dll C:\WINDOWS\system32\igfxdev.dll 139264 bytes Created: 3/23/2006 4:12 PM Modified: 3/23/2006 4:12 PM Company: Intel Corporation ---------- ************************************************** ********** 12:51:11 PM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: avast CLSID: {472083B0-C522-11CF-8763-00608CC02F24} Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll C:\Program Files\Alwil Software\Avast4\ashShell.dll 76880 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:04 AM Company: ALWIL Software ---------- Key: LavasoftShellExt CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} Path: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll 82272 bytes Created: 1/19/2009 10:34 AM Modified: 3/10/2009 11:40 AM Company: ---------- ************************************************** ********** 12:51:11 PM: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 357888 bytes Created: 8/28/2008 2:56 PM Modified: 8/28/2008 2:56 PM Company: Sun Microsystems, Inc. ---------- ************************************************** ********** 12:51:11 PM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 75128 bytes Created: 6/11/2008 10:33 PM Modified: 6/11/2008 10:33 PM Company: Adobe Systems Incorporated ---------- Key: {53707962-6F74-2D53-2644-206D7942484F} BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1879896 bytes Created: 3/24/2009 3:55 PM Modified: 1/26/2009 3:31 PM Company: Safer Networking Limited ---------- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: C:\Program Files\Java\jre6\bin\ssv.dll C:\Program Files\Java\jre6\bin\ssv.dll 320920 bytes Created: 3/10/2009 9:04 AM Modified: 3/10/2009 9:04 AM Company: Sun Microsystems, Inc. ---------- Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll C:\Program Files\Java\jre6\bin\jp2ssv.dll 34816 bytes Created: 3/10/2009 9:04 AM Modified: 3/10/2009 9:04 AM Company: Sun Microsystems, Inc. ---------- Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 73728 bytes Created: 3/10/2009 9:04 AM Modified: 3/10/2009 9:04 AM Company: Sun Microsystems, Inc. ---------- ************************************************** ********** 12:51:12 PM: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************** ********** 12:51:12 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************** ********** 12:51:12 PM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************** ********** 12:51:12 PM: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************** ********** 12:51:12 PM: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************** ********** 12:51:12 PM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 5/11/2006 9:25 AM Modified: 5/11/2006 9:25 AM Company: [no info] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - no action taken on this file -------------------- ************************************************** ********** 12:51:13 PM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: Marina [C:\Documents and Settings\Marina\START MENU\PROGRAMS\STARTUP] The Startup Group for Marina attempts to load the following file(s): C:\Documents and Settings\Marina\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 2/19/2009 6:00 PM Modified: 5/11/2006 9:25 AM Company: [no info] C:\Documents and Settings\Marina\START MENU\PROGRAMS\STARTUP\desktop.ini - no action taken on this file ---------- ************************************************** ********** 12:51:13 PM: Scanning ----- SCHEDULED TASKS ----- Taskname: Ad-Aware Update (Weekly).job File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe 542568 bytes Created: 1/19/2009 10:34 AM Modified: 3/10/2009 10:11 AM Company: Lavasoft Parameters: update all silent Next Run Time: 3/30/2009 10:20:00 AM Status: The task is ready to run at its next scheduled time Creator: SYSTEM Comments: This will perform a scheduled update with Ad-Aware ---------- Taskname: Google Software Updater.job File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Parameters: scheduled_start Next Run Time: 3/26/2009 1:03:00 PM Status: The task has not yet run Creator: SYSTEM Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - [file not found to scan] ---------- Taskname: GoogleUpdateTaskMachine.job File: C:\Program Files\Google\Update\GoogleUpdate.exe Parameters: /c Next Run Time: Never Status: The task is ready to run at its next scheduled time Creator: Marina Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. C:\Program Files\Google\Update\GoogleUpdate.exe - [file not found to scan] ---------- ************************************************** ********** 12:51:14 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************** ********** 12:51:14 PM: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: vidc.LEAD File: LCODCCMP.DLL LCODCCMP.DLL - [file not found to scan] ---------- Value: vidc.DIVX File: DivX.dll C:\WINDOWS\system32\DivX.dll 716800 bytes Created: 9/22/2004 1:26 PM Modified: 9/22/2004 1:26 PM Company: DivXNetworks, Inc. ---------- ************************************************** ********** 12:51:14 PM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Checking autorun.inf in D:\ D:\autorun.inf -HS- 53 bytes Created: 4/30/2004 8:01 AM Modified: 4/29/2004 10:01 AM Company: [no info] D:\autorun.inf ShellExecute entry: [Info.exe protect.ed 480 480] this is a known entry and has been left in place ---------- -------------------- Desktop Wallpaper: C:\Documents and Settings\Marina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Marina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 3/12/2009 8:12 PM Modified: 3/24/2009 10:16 PM Company: [no info] ---------- Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Marina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 3/12/2009 8:12 PM Modified: 3/24/2009 10:16 PM Company: [no info] ---------- DNS Server information: Interface: NameServers: 203.97.78.43 203.97.78.44 Checks for rogue DNS NameServers completed ---------- ---------- Additional checks completed ************************************************** ********** 12:51:15 PM: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe 50688 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\csrss.exe 6144 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\winlogon.exe 507904 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\services.exe 108544 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\lsass.exe 13312 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\svchost.exe 14336 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\System32\svchost.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned -------------------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe - file already scanned -------------------- C:\WINDOWS\Explorer.EXE - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - file already scanned -------------------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe 49152 bytes Created: 5/18/2006 9:52 PM Modified: 5/18/2006 9:52 PM Company: Hewlett-Packard Company -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 135168 bytes Created: 3/15/2007 5:05 PM Modified: 5/2/2006 8:41 PM Company: Hewlett-Packard Development Company, L.P. -------------------- C:\WINDOWS\system32\wbem\unsecapp.exe 16896 bytes Created: 8/5/2004 5:00 PM Modified: 8/5/2004 5:00 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\wbem\wmiprvse.exe 218112 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 515416 bytes Created: 1/19/2009 10:34 AM Modified: 3/10/2009 10:10 AM Company: Lavasoft -------------------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned -------------------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 2260480 bytes Created: 3/24/2009 3:55 PM Modified: 3/5/2009 4:07 PM Company: Safer-Networking Ltd. -------------------- C:\Program Files\Internet Explorer\iexplore.exe 634024 bytes Created: 8/5/2004 5:00 PM Modified: 12/19/2008 6:25 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\ntvdm.exe 420864 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\Documents and Settings\Marina\Application Data\Simply Super Software\Trojan Remover\aoi8.exe FileSize: 2933624 [This is a Trojan Remover component] -------------------- ************************************************** ********** 12:51:17 PM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************** ********** === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 12:51:17 PM 26 Mar 2009 Total Scan time: 00:00:12 ************************************************** ********** ***** WINDOWS EXPLORER POLICIES RESET ***** Trojan Remover Ver 6.7.6.2570. For information, email support@simplysup.com [Unregistered version] Scan started at: 12:50:42 PM 26 Mar 2009 Using Database v7307 Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600] File System: NTFS UserData directory: C:\Documents and Settings\Marina\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Marina\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! Antivirus ************************************************** ********** Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System - no action required on this key as it does not exist ---------- Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\NonEnum - no action required on this key as it does not exist Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D} - no action required: value either does not exist or is set to False Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103} - no action required: value either does not exist or is set to False ---------- Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\DisallowRun - no action required on this key as it does not exist ---------- Checking Values in: HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer Value: DisallowRun - value does not exist, no action required Value: NoActiveDesktopChanges - value does not exist, no action required Value: NoActiveDesktop - not set, no action required Value: NoFileMenu - value does not exist, no action required Value: NoClose - value does not exist, no action required Value: NoDesktop - value does not exist, no action required Value: NoDrives - value does not exist, no action required Value: NoFind - value does not exist, no action required Value: NoFolderOptions - value does not exist, no action required Value: NoRun - value does not exist, no action required Value: NoFavoritesMenu - value does not exist, no action required Value: NoSetFolders - value does not exist, no action required Value: NoControlPanel - value does not exist, no action required ---------- Checking Values in: HKCU\Control Panel\Desktop ---------- Checking HKCU ActiveDesktop Policies: ---------- Checking HKCU Add/Remove Programs Policies: ---------- Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\DisallowRun - no action required on this key as it does not exist ---------- Checking Values in: HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer Value: DisallowRun - value does not exist, no action required Value: NoActiveDesktopChanges - value does not exist, no action required Value: NoActiveDesktop - not set, no action required Value: NoFileMenu - value does not exist, no action required Value: NoClose - value does not exist, no action required Value: NoDesktop - value does not exist, no action required Value: NoDrives - value does not exist, no action required Value: NoFind - value does not exist, no action required Value: NoFolderOptions - value does not exist, no action required Value: NoRun - value does not exist, no action required Value: NoFavoritesMenu - value does not exist, no action required Value: NoSetFolders - value does not exist, no action required Value: NoControlPanel - value does not exist, no action required ---------- Checking HKLM ActiveDesktop Policies: ---------- Checking HKLM Add/Remove Programs Policies: ---------- ************************************************** ********** ***** LAYERED SERVICE PROVIDER CHECKS ***** Trojan Remover Ver 6.7.6.2570. For information, email support@simplysup.com [Unregistered version] Scan started at: 12:50:34 PM 26 Mar 2009 Using Database v7307 Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600] File System: NTFS UserData directory: C:\Documents and Settings\Marina\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Marina\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! Antivirus ************************************************** ********** No errors were located in the Layered Service Provider Registry entries. No action was taken. ************************************************** ********** ***** WINDOWS UPDATE POLICIES RESET ***** Trojan Remover Ver 6.7.6.2570. For information, email support@simplysup.com [Unregistered version] Scan started at: 12:50:23 PM 26 Mar 2009 Using Database v7307 Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600] File System: NTFS UserData directory: C:\Documents and Settings\Marina\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Marina\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! Antivirus ************************************************** ********** No invalid Windows Update Policies found to reset. ************************************************** ********** ***** WINDOWS HOSTS FILE RESET ***** Trojan Remover Ver 6.7.6.2570. For information, email support@simplysup.com [Unregistered version] Scan started at: 12:50:17 PM 26 Mar 2009 Using Database v7307 Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600] File System: NTFS UserData directory: C:\Documents and Settings\Marina\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Marina\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! Antivirus ************************************************** ********** C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB The default HOSTS file was successfully reset. ************************************************** ********** ***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET **** Trojan Remover Ver 6.7.6.2570. For information, email support@simplysup.com [Unregistered version] Scan started at: 12:50:07 PM 26 Mar 2009 Using Database v7307 Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600] File System: NTFS UserData directory: C:\Documents and Settings\Marina\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Marina\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! Antivirus ************************************************** ********** Existing Home/Start/Search Page settings are as follows: HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": ie.search.msn.com HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": ie.search.msn.com HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.google.com/ HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": www.microsoft.com These settings will now be reset to their defaults: HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\"NoToolbarCustomize" policy reset to default HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\"NoBandCustomize" policy reset to default HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch" has been reset HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant" has been reset HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes\"www" has been reset HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes\"ftp" has been reset HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes\"gopher" has been reset HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes\"home" has been reset HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes\"mosaic" has been reset HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\"NoBandCustomize" policy reset to default HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window_Placement" has been reset -------------------- ************************************************** ********** ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.6.2570. For information, email support@simplysup.com [Unregistered version] Scan started at: 12:24:58 PM 26 Mar 2009 Using Database v7307 Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600] File System: NTFS UserData directory: C:\Documents and Settings\Marina\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Marina\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! Antivirus ************************************************** ********** ************************************************** ********** 12:24:58 PM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************** ********** 12:24:58 PM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [Explorer.exe] File: Explorer.exe C:\WINDOWS\Explorer.exe 1033728 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\WINDOWS\system32\userinit.exe,] File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 26112 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: Key value: [logonui.exe] File: logonui.exe C:\WINDOWS\system32\logonui.exe 514560 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: Ad-Watch Value Data: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 515416 bytes Created: 1/19/2009 10:34 AM Modified: 3/10/2009 10:10 AM Company: Lavasoft -------------------- Value Name: COMODO Registry Cleaner Value Data: "C:\Program Files\COMODO\Registry Cleaner\CRC.exe" C:\Program Files\COMODO\Registry Cleaner\CRC.exe 3110648 bytes Created: 3/26/2009 7:55 AM Modified: 10/7/2008 6:56 PM Company: COMODO Security Solutions Inc. -------------------- Value Name: avast! Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 81000 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:08 AM Company: ALWIL Software -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 1303432 bytes Created: 3/26/2009 11:46 AM Modified: 3/20/2009 7:54 PM Company: Simply Super Software -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: SpybotSD TeaTimer Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 2260480 bytes Created: 3/24/2009 3:55 PM Modified: 3/5/2009 4:07 PM Company: Safer-Networking Ltd. -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty ************************************************** ********** 12:24:59 PM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************** ********** 12:24:59 PM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************** ********** 12:24:59 PM: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. ************************************************** ********** 12:24:59 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6} Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub C:\WINDOWS\INF\wmp11.inf 2428 bytes Created: 8/25/2006 5:09 PM Modified: 8/25/2006 5:09 PM Company: [no info] ---------- ************************************************** ********** 12:24:59 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: AppMgmt %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found) -------------------- Key: HidServ %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found) -------------------- ************************************************** ********** 12:24:59 PM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AddFiltr ImagePath: "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe" C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe 126976 bytes Created: 3/15/2007 5:04 PM Modified: 6/12/2006 6:27 PM Company: Hewlett-Packard Development Company, L.P. ---------- Key: aswFsBlk ImagePath: system32\DRIVERS\aswFsBlk.sys C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 20560 bytes Created: 3/24/2009 5:24 PM Modified: 2/6/2009 10:07 AM Company: ALWIL Software ---------- Key: aswUpdSv ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 18752 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:01 AM Company: ALWIL Software ---------- Key: avast! Antivirus ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" C:\Program Files\Alwil Software\Avast4\ashServ.exe 138680 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:08 AM Company: ALWIL Software ---------- Key: avast! Mail Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 254040 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:08 AM Company: ALWIL Software ---------- Key: avast! Web Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 352920 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:06 AM Company: ALWIL Software ---------- Key: eabfiltr ImagePath: system32\DRIVERS\eabfiltr.sys C:\WINDOWS\system32\DRIVERS\eabfiltr.sys 7808 bytes Created: 3/15/2007 5:04 PM Modified: 9/19/2005 7:23 PM Company: Hewlett-Packard Development Company, L.P. ---------- Key: eabusb ImagePath: system32\DRIVERS\eabusb.sys C:\WINDOWS\system32\DRIVERS\eabusb.sys 5760 bytes Created: 3/15/2007 5:04 PM Modified: 9/19/2005 7:24 PM Company: Hewlett-Packard Development Company, L.P. ---------- Key: HBtnKey ImagePath: system32\DRIVERS\cpqbttn.sys C:\WINDOWS\system32\DRIVERS\cpqbttn.sys 9344 bytes Created: 3/15/2007 5:04 PM Modified: 4/28/2008 8:22 PM Company: Hewlett-Packard Development Company, L.P. ---------- Key: HdAudAddService ImagePath: system32\drivers\CHDAud.sys C:\WINDOWS\system32\drivers\CHDAud.sys 581632 bytes Created: 6/3/2006 11:02 AM Modified: 7/26/2006 10:44 PM Company: Conexant Systems Inc. ---------- Key: HSFHWAZL ImagePath: system32\DRIVERS\HSFHWAZL.sys C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 211456 bytes Created: 4/21/2006 12:02 PM Modified: 11/1/2007 8:25 AM Company: Conexant Systems, Inc. ---------- Key: ialm ImagePath: system32\DRIVERS\ialmnt5.sys C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1166972 bytes Created: 3/23/2006 4:47 PM Modified: 3/23/2006 4:47 PM Company: Intel Corporation ---------- Key: iaStor ImagePath: system32\DRIVERS\iaStor.sys C:\WINDOWS\system32\DRIVERS\iaStor.sys 874240 bytes Created: 10/13/2005 9:07 PM Modified: 10/14/2005 5:07 AM Company: Intel Corporation ---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 69632 bytes Created: 4/4/2005 12:41 AM Modified: 4/4/2005 12:41 AM Company: Macrovision Corporation ---------- Key: iPodService ImagePath: C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\iPod\bin\iPodService.exe 323584 bytes Created: 10/18/2005 11:58 AM Modified: 10/18/2005 11:58 AM Company: Apple Computer, Inc. ---------- Key: JavaQuickStarterService ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" C:\Program Files\Java\jre6\bin\jqs.exe 152984 bytes Created: 3/10/2009 9:04 AM Modified: 3/10/2009 9:04 AM Company: Sun Microsystems, Inc. ---------- Key: KMWDFILTER ImagePath: system32\DRIVERS\KMWDFILTER.sys C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys 17408 bytes Created: 10/9/2008 3:42 PM Modified: 10/9/2008 3:42 PM Company: Windows (R) Codename Longhorn DDK provider ---------- Key: Lavasoft Ad-Aware Service ImagePath: "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 951632 bytes Created: 1/19/2009 10:34 AM Modified: 3/10/2009 10:10 AM Company: Lavasoft ---------- Key: Lbd ImagePath: system32\DRIVERS\Lbd.sys C:\WINDOWS\system32\DRIVERS\Lbd.sys 64160 bytes Created: 3/10/2009 10:19 AM Modified: 3/10/2009 11:38 AM Company: Lavasoft AB ---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{0B291343-867D-4556-B889-F13674D89156} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation ---------- Key: SynTP ImagePath: system32\DRIVERS\SynTP.sys C:\WINDOWS\system32\DRIVERS\SynTP.sys 224672 bytes Created: 3/15/2007 4:40 PM Modified: 3/28/2008 1:14 AM Company: Synaptics, Inc. ---------- Key: UIUSys ImagePath: system32\DRIVERS\UIUSYS.SYS C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS - [file not found to scan] ---------- ************************************************** ********** 12:25:02 PM: Scanning -----VXD ENTRIES----- ************************************************** ********** 12:25:02 PM: Scanning ----- WINLOGON\NOTIFY DLLS ----- Key : igfxcui DLLName: igfxdev.dll C:\WINDOWS\system32\igfxdev.dll 139264 bytes Created: 3/23/2006 4:12 PM Modified: 3/23/2006 4:12 PM Company: Intel Corporation ---------- ************************************************** ********** 12:25:02 PM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: avast CLSID: {472083B0-C522-11CF-8763-00608CC02F24} Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll C:\Program Files\Alwil Software\Avast4\ashShell.dll 76880 bytes Created: 3/24/2009 11:16 AM Modified: 2/6/2009 10:04 AM Company: ALWIL Software ---------- Key: LavasoftShellExt CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} Path: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll 82272 bytes Created: 1/19/2009 10:34 AM Modified: 3/10/2009 11:40 AM Company: ---------- ************************************************** ********** 12:25:02 PM: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 357888 bytes Created: 8/28/2008 2:56 PM Modified: 8/28/2008 2:56 PM Company: Sun Microsystems, Inc. ---------- ************************************************** ********** 12:25:02 PM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 75128 bytes Created: 6/11/2008 10:33 PM Modified: 6/11/2008 10:33 PM Company: Adobe Systems Incorporated ---------- Key: {53707962-6F74-2D53-2644-206D7942484F} BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1879896 bytes Created: 3/24/2009 3:55 PM Modified: 1/26/2009 3:31 PM Company: Safer Networking Limited ---------- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: C:\Program Files\Java\jre6\bin\ssv.dll C:\Program Files\Java\jre6\bin\ssv.dll 320920 bytes Created: 3/10/2009 9:04 AM Modified: 3/10/2009 9:04 AM Company: Sun Microsystems, Inc. ---------- Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll C:\Program Files\Java\jre6\bin\jp2ssv.dll 34816 bytes Created: 3/10/2009 9:04 AM Modified: 3/10/2009 9:04 AM Company: Sun Microsystems, Inc. ---------- Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 73728 bytes Created: 3/10/2009 9:04 AM Modified: 3/10/2009 9:04 AM Company: Sun Microsystems, Inc. ---------- ************************************************** ********** 12:25:03 PM: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************** ********** 12:25:03 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************** ********** 12:25:03 PM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************** ********** 12:25:03 PM: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************** ********** 12:25:03 PM: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************** ********** 12:25:03 PM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 5/11/2006 9:25 AM Modified: 5/11/2006 9:25 AM Company: [no info] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - no action taken on this file -------------------- ************************************************** ********** 12:25:03 PM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: Marina [C:\Documents and Settings\Marina\START MENU\PROGRAMS\STARTUP] The Startup Group for Marina attempts to load the following file(s): C:\Documents and Settings\Marina\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 2/19/2009 6:00 PM Modified: 5/11/2006 9:25 AM Company: [no info] C:\Documents and Settings\Marina\START MENU\PROGRAMS\STARTUP\desktop.ini - no action taken on this file ---------- ************************************************** ********** 12:25:04 PM: Scanning ----- SCHEDULED TASKS ----- Taskname: Ad-Aware Update (Weekly).job File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe 542568 bytes Created: 1/19/2009 10:34 AM Modified: 3/10/2009 10:11 AM Company: Lavasoft Parameters: update all silent Next Run Time: 3/30/2009 10:20:00 AM Status: The task is ready to run at its next scheduled time Creator: SYSTEM Comments: This will perform a scheduled update with Ad-Aware ---------- Taskname: Google Software Updater.job File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Parameters: scheduled_start Next Run Time: 3/26/2009 12:43:00 PM Status: The task has not yet run Creator: SYSTEM Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - [file not found to scan] ---------- Taskname: GoogleUpdateTaskMachine.job File: C:\Program Files\Google\Update\GoogleUpdate.exe Parameters: /c Next Run Time: Never Status: The task is ready to run at its next scheduled time Creator: Marina Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. C:\Program Files\Google\Update\GoogleUpdate.exe - [file not found to scan] ---------- ************************************************** ********** 12:25:04 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************** ********** 12:25:04 PM: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: vidc.LEAD File: LCODCCMP.DLL LCODCCMP.DLL - [file not found to scan] ---------- Value: vidc.DIVX File: DivX.dll C:\WINDOWS\system32\DivX.dll 716800 bytes Created: 9/22/2004 1:26 PM Modified: 9/22/2004 1:26 PM Company: DivXNetworks, Inc. ---------- ************************************************** ********** 12:25:04 PM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Checking autorun.inf in D:\ D:\autorun.inf -HS- 53 bytes Created: 4/30/2004 8:01 AM Modified: 4/29/2004 10:01 AM Company: [no info] D:\autorun.inf ShellExecute entry: [Info.exe protect.ed 480 480] this is a known entry and has been left in place ---------- -------------------- Desktop Wallpaper: C:\Documents and Settings\Marina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Marina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 3/12/2009 8:12 PM Modified: 3/24/2009 10:16 PM Company: [no info] ---------- Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Marina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 3/12/2009 8:12 PM Modified: 3/24/2009 10:16 PM Company: [no info] ---------- Checks for rogue DNS NameServers completed ---------- ---------- Additional checks completed ************************************************** ********** 12:25:04 PM: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe 50688 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\csrss.exe 6144 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\winlogon.exe 507904 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\services.exe 108544 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\lsass.exe 13312 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\svchost.exe 14336 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\System32\svchost.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned -------------------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe - file already scanned -------------------- C:\WINDOWS\Explorer.EXE - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - file already scanned -------------------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe 49152 bytes Created: 5/18/2006 9:52 PM Modified: 5/18/2006 9:52 PM Company: Hewlett-Packard Company -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 135168 bytes Created: 3/15/2007 5:05 PM Modified: 5/2/2006 8:41 PM Company: Hewlett-Packard Development Company, L.P. -------------------- C:\WINDOWS\system32\wbem\unsecapp.exe 16896 bytes Created: 8/5/2004 5:00 PM Modified: 8/5/2004 5:00 PM Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\wbem\wmiprvse.exe 218112 bytes Created: 8/5/2004 5:00 PM Modified: 4/14/2008 1:12 PM Company: Microsoft Corporation -------------------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe - file already scanned -------------------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned -------------------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - file already scanned -------------------- C:\WINDOWS\system32\wuauclt.exe 51224 bytes Created: 8/5/2004 5:00 PM Modified: 10/16/2008 2:09 PM Company: Microsoft Corporation -------------------- C:\Documents and Settings\Marina\Application Data\Simply Super Software\Trojan Remover\kpo2.exe FileSize: 2933624 [This is a Trojan Remover component] -------------------- ************************************************** ********** 12:25:07 PM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************** ********** === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 12:25:07 PM 26 Mar 2009 Total Scan time: 00:00:08 ************************************************** ********** |
iammcb (14488) | ||
| 735364 | 2009-03-26 00:30:00 | Have you scanned the whole hard drive with Avast yet, since its been installed?? | Speedy Gonzales (78) | ||
| 735365 | 2009-03-26 00:33:00 | hi there yes i have done this found nothing xcept a cookie i think? i was happy with that :) |
iammcb (14488) | ||
| 1 2 3 4 5 6 | |||||