[Resolved] Strange Folders



#1 Muzammil (New Member, Authentic Member, 14 posts)

Posted 15 October 2009 - 11:52 PM

Hi,

Yesterday my computer started acting strangely! First, all my folders' names were gone in thumbnails, and then whenever I open a folder it creates a folder with the name of its root folder and an .exe extension. Now my computer is slow, and whenever I try to open Task Manager it doesn't open; the same is the case with regedit! I recently formatted my hard disk and installed a fresh OS, but it still is messed up!! I am unable to run RootRepeal and also DDS!!

UPDATED (23:43 - 17/Oct/2009): The problem persists, but there is an error whenever I start up the PC saying "Could not find scvhost.exe" -- something like that. It says scvhost.exe, so I know it's not svchost.exe, which is a Windows essential!!

Help would be appreciated!

Regards,
Muzammil Ahmed.

Edited by Muzammil, 17 October 2009 - 10:40 AM.



#2 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 19 October 2009 - 10:23 PM

Hi Muzammil,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 Muzammil (New Member, Authentic Member, 14 posts)

Posted 20 October 2009 - 12:32 AM

Hello Tomk,

The requested log is pasted below, and here's an update: the computer seems to be working nicely, but there is a startup registry entry named scvhost.exe which I disabled, but it's still there; all the names of the folders in thumbnails are gone, and whenever I open up a folder it freezes for a couple of seconds, then it resumes! And you said there would be two logs, but I see only one!

exeHelper by Raktor
Build 20091018
Run at 20:23:39 on 10/19/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

#4 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 20 October 2009 - 07:34 AM

Muzammil,

Well... it wasn't what I thought it might be. Let's try this:

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#5 Muzammil (New Member, Authentic Member, 14 posts)

Posted 20 October 2009 - 09:19 AM

Hello Tomk,
Here's the requested log:


ComboFix 09-10-19.02 - Administrator 10/20/2009 5:09.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.2766 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\28cb16e.msi
c:\windows\system32\autorun.ini
c:\windows\system32\Data
c:\windows\system32\setting.ini

.
((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
.

2009-10-19 15:02 . 2009-10-19 15:02 -------- d-----w- c:\program files\MSECache
2009-10-19 14:05 . 2009-10-19 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-19 14:05 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 14:05 . 2009-10-19 14:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 14:05 . 2009-10-19 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 14:05 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 10:49 . 2009-10-19 10:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-10-19 10:47 . 2009-10-19 10:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 11:08 . 2009-10-18 11:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-18 11:01 . 2009-10-18 11:01 -------- d-----w- c:\windows\system32\scripting
2009-10-18 11:01 . 2009-10-18 11:01 -------- d-----w- c:\windows\system32\en
2009-10-18 11:01 . 2009-10-18 11:01 -------- d-----w- c:\windows\l2schemas
2009-10-18 11:01 . 2009-10-18 11:01 -------- d-----w- c:\windows\system32\bits
2009-10-17 16:32 . 2007-04-12 21:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2009-10-17 16:13 . 2009-10-19 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-17 16:13 . 2009-10-19 14:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-17 14:50 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\spupdwxp.exe
2009-10-17 14:49 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-10-17 13:38 . 2009-10-17 13:38 -------- d-----w- c:\program files\mkv2vob
2009-10-17 13:38 . 2009-10-17 13:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 13:36 . 2009-10-17 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2009-10-17 13:36 . 2009-10-17 13:36 -------- d-----w- c:\program files\Orb Networks
2009-10-15 15:02 . 2009-10-15 15:02 -------- d--h--w- c:\windows\PIF
2009-10-15 15:01 . 2009-10-15 15:01 -------- d-----w- c:\program files\ERUNT
2009-10-15 14:57 . 2009-10-16 06:53 -------- d-----w- C:\$AVG
2009-10-15 14:57 . 2009-10-20 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-15 14:57 . 2009-10-15 14:57 -------- d-----w- c:\program files\AVG
2009-10-15 14:56 . 2009-10-15 16:02 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-15 14:46 . 2008-11-06 09:03 -------- d-----w- C:\SDFix
2009-10-15 12:12 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-15 12:12 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-15 12:12 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-15 11:44 . 2009-10-15 12:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-10-15 11:44 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-15 11:44 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-15 11:44 . 2009-10-15 11:44 -------- d-----w- c:\program files\iPod
2009-10-15 11:44 . 2009-10-15 11:44 -------- d-----w- c:\program files\iTunes
2009-10-15 11:44 . 2009-10-15 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-15 11:43 . 2009-10-15 11:43 -------- d-----w- c:\program files\Bonjour
2009-10-15 11:43 . 2009-10-15 11:43 -------- d-----w- c:\program files\QuickTime
2009-10-15 11:43 . 2009-10-15 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-15 11:43 . 2009-10-15 11:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2009-10-15 11:43 . 2009-10-15 11:43 -------- d-----w- c:\program files\Apple Software Update
2009-10-15 11:42 . 2009-10-15 11:44 -------- d-----w- c:\program files\Common Files\Apple
2009-10-15 11:42 . 2009-10-15 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-15 09:51 . 2009-10-15 09:53 -------- dc----w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-10-15 09:51 . 2009-10-16 04:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\uniblue
2009-10-15 09:47 . 2009-10-15 09:53 -------- d-----w- c:\program files\Uniblue
2009-10-15 09:46 . 2009-10-15 09:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-10-15 04:15 . 2009-10-15 04:25 -------- d-----w- c:\documents and settings\Administrator\Phone Browser
2009-10-15 04:11 . 2009-10-15 04:11 -------- d-----w- c:\windows\Downloaded Installations
2009-10-14 17:01 . 2009-10-14 17:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Samsung
2009-10-14 17:00 . 2006-05-04 05:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-10-14 17:00 . 2009-10-14 17:00 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-10-14 17:00 . 2009-10-14 17:36 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-10-14 16:59 . 2009-10-14 16:59 -------- d-----w- c:\program files\Samsung
2009-10-14 14:49 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-14 14:48 . 2009-10-14 14:48 -------- d-----w- C:\divx
2009-10-14 14:44 . 2009-10-14 14:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-10-14 09:52 . 2009-10-15 12:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-10-13 08:10 . 2009-10-13 08:10 -------- d-----w- c:\windows\Sun
2009-10-13 03:07 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-13 03:07 . 2008-10-16 21:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-12 15:06 . 2009-10-12 15:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-10-12 12:33 . 2009-10-17 15:59 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-10-12 12:19 . 2009-10-12 12:19 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-12 12:19 . 2009-08-06 05:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-10-12 12:18 . 2009-10-12 12:18 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-12 12:17 . 2009-10-12 12:19 -------- d-----w- c:\program files\Microsoft
2009-10-12 12:17 . 2009-10-12 12:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-12 12:17 . 2009-10-12 12:19 -------- d-----w- c:\program files\Windows Live
2009-10-12 12:10 . 2009-10-12 12:10 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-12 10:22 . 2009-10-12 10:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-10-12 09:33 . 2009-10-12 09:33 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-12 09:29 . 2009-10-12 09:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-12 09:28 . 2009-10-12 09:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-12 09:26 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-12 09:26 . 2009-10-12 09:26 -------- d-----w- c:\windows\ie8updates
2009-10-12 09:26 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-12 09:26 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-12 09:26 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-12 09:26 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-12 09:26 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-12 09:26 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-12 09:25 . 2009-10-12 09:26 -------- dc-h--w- c:\windows\ie8
2009-10-12 08:12 . 2009-10-12 08:12 -------- d-----w- c:\documents and settings\Administrator\Contacts
2009-10-12 02:31 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-12 02:30 . 2009-10-18 10:59 -------- d-----w- c:\windows\ServicePackFiles
2009-10-11 20:18 . 2009-10-11 20:18 -------- d-----w- c:\windows\system32\LogFiles
2009-10-11 18:26 . 2009-10-11 18:26 -------- d-----w- c:\windows\Performance
2009-10-11 18:24 . 2009-10-11 18:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
2009-10-11 18:24 . 2009-10-11 18:24 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-11 17:49 . 2009-10-11 17:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-10-11 16:43 . 2009-10-11 16:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 16:43 . 2009-10-11 16:54 -------- d-----w- c:\program files\Java
2009-10-11 16:40 . 2009-10-11 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-10-11 16:34 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-10-11 16:32 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-10-11 16:32 . 2009-10-12 07:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-10-11 16:32 . 2009-10-11 16:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-10-11 16:32 . 2009-10-11 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-11 16:31 . 2009-10-17 14:52 -------- d-----w- c:\program files\Common Files\Nokia
2009-10-11 16:31 . 2009-10-11 16:31 -------- d-----w- c:\program files\DIFX
2009-10-11 16:31 . 2008-08-26 17:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-11 16:31 . 2009-10-11 16:31 -------- d-----w- c:\program files\PC Connectivity Solution
2009-10-11 16:31 . 2009-02-09 15:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-10-11 16:31 . 2009-02-09 15:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-10-11 16:31 . 2009-02-09 15:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-10-11 16:31 . 2009-02-09 15:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-10-11 16:31 . 2009-02-09 15:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-10-11 16:31 . 2009-02-09 15:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-11 16:31 . 2009-02-09 15:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-11 16:31 . 2009-10-17 14:52 -------- d-----w- c:\program files\Nokia
2009-10-11 16:30 . 2009-10-11 16:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo!
2009-10-11 16:30 . 2009-10-11 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-10-11 16:17 . 2009-10-11 16:44 -------- d-----w- c:\program files\PS3 Media Server
2009-10-11 11:39 . 2009-10-20 12:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2009-10-11 11:39 . 2009-10-11 11:39 -------- d-----w- c:\program files\BitTorrent
2009-10-11 11:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-11 11:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-11 11:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-11 11:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-11 11:35 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-11 11:35 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-11 11:35 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 12:05 . 2006-01-01 12:35 23104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 10:58 . 2009-01-11 08:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-10-15 14:42 . 2009-10-14 14:43 -------- d-----w- c:\program files\DivX
2009-10-15 04:11 . 2006-01-01 12:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-15 04:07 . 2009-01-11 08:36 -------- d-----w- c:\program files\Internet Download Manager
2009-10-14 16:59 . 2006-01-01 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 14:49 . 2006-01-01 13:44 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-14 14:43 . 2009-10-14 14:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-11 16:32 . 2009-10-11 16:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-11 16:32 . 2009-10-11 16:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-11 14:18 . 2004-08-04 00:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 10:43 . 2009-09-16 12:26 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-09-04 21:03 . 2004-08-04 00:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 00:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2004-08-04 00:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:52 . 2009-08-05 02:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2004-08-03 23:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2001-08-23 14:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-07-26 23:44 . 2009-07-26 23:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2006-01-01 133104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-06-23 2815408]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2009-09-29 653104]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-10-27 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Orb"="c:\program files\Orb Networks\Orb\bin\OrbLauncher.exe" [2009-10-07 573904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbLauncher.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbSetupWizard.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbControlPanel.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/12/2009 5:19 AM 54752]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-926492609-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2006-01-01 08:30]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-926492609-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2006-01-01 08:30]

2009-10-20 c:\windows\Tasks\Orb Index when idle.job
- c:\program files\Orb Networks\Orb\bin\OrbLauncher.exe [2009-10-07 23:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 05:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-926492609-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,a3,cb,9a,71,4c,5f,47,ba,8a,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,a3,cb,9a,71,4c,5f,47,ba,8a,8d,\

[HKEY_USERS\S-1-5-21-2000478354-926492609-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4ecc83b9-93db-4aaf-95d2-af736c279e2a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000124
"Therad"=dword:00000006
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,56,bb,60,ad,54,bf,3a,b3,02,c8,41,36,1e,0a,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6c,fa,78,84,d5,d0,d5,d6,92,34,73,62,aa,3e,84,0d,6a,07,cb,2e,65,
4a,9b,de,49,66,db,6d,bc,aa,14,dc,f8,63,28,2b,55,19,e0,65,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):19,af,34,41,68,c1,93,a3,e4,04,04,db,c3,73,6a,2d,bf,20,fb,2b,a5,
b3,16,ca,ad,05,44,3f,62,8c,14,02,af,90,1b,94,b8,f6,9a,8a,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e2ae1475-934b-4f61-b0d3-ec7a9d64f9dd}]
@Denied: (Full) (Everyone)
"Model"=dword:0000011e
"Therad"=dword:0000002b
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,51,c4,5c,06,a5,56,2b,b8,a5,dc,ce,c4,12,ad,eb,5f,83,e0,8b,c5,07,bb,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-10-20 12:11

Pre-Run: 71,624,757,248 bytes free
Post-Run: 71,783,723,008 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CEE03CAFF787EA1AAEB0FF9B991071B0

#6 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 20 October 2009 - 10:25 AM

Muzammil,

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    REGLOCKDEL::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4ecc83b9-93db-4aaf-95d2-af736c279e2a}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e2ae1475-934b-4f61-b0d3-ec7a9d64f9dd}]
    
    Reglock::
    [HKEY_USERS\S-1-5-21-2000478354-926492609-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    
    Registry::
    [HKEY_USERS\S-1-5-21-2000478354-926492609-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
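The following is an added example, not code from this thread, from ComboFix or from exeHelper: a short Python triage script that reads the ComboFix log in post #5 the way a helper does before writing a CFScript like the one above. It pulls out the CLSID keys locked with @Denied: (Full) (Everyone) (the REGLOCKDEL:: targets), the "EnableFirewall"= 0 line, and Run entries whose executable is one typo away from a Windows system binary, which is how scvhost.exe hides beside svchost.exe. The log excerpt inside is constructed from post #5 plus a constructed "scvhost" Run entry, and SYSTEM_BINARIES is an assumed short list.

```python
"""Triage the parts of a ComboFix log that drove the CFScript in this thread.

Added example, not code from the thread, ComboFix or exeHelper.  It flags
CLSID keys locked with "@Denied: (Full) (Everyone)", the firewall standard
profile switched off, and Run entries whose executable is a lookalike of a
Windows system binary (scvhost.exe vs svchost.exe) or a real system-binary
name running outside system32.  SYSTEM_BINARIES is an assumed short list.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "smss.exe", "services.exe", "explorer.exe")

# Constructed excerpt of post #5, plus a constructed "scvhost" Run entry (post #1 symptom).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"scvhost"="c:\windows\scvhost.exe" [2009-10-15 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4ecc83b9-93db-4aaf-95d2-af736c279e2a}]
@Denied: (Full) (Everyone)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                  # [HKEY_...\subkey]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')  # "Name"="c:\path\file.exe"


@dataclass
class Findings:
    locked_clsids: List[str] = field(default_factory=list)
    firewall_disabled: bool = False
    suspicious_run_entries: List[Tuple[str, str, str]] = field(default_factory=list)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and a swap
    of two adjacent characters each cost 1, so scvhost vs svchost scores 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def run_entry_concern(exe_path: str) -> Optional[str]:
    """Why a Run entry deserves a look, or None if its file name raises no flag."""
    directory, _, name = exe_path.replace("/", "\\").lower().rpartition("\\")
    if name in SYSTEM_BINARIES:
        if directory.endswith("\\windows\\system32"):
            return None
        return f"system binary name {name} outside system32"
    for legit in SYSTEM_BINARIES:
        if osa_distance(name, legit) == 1:
            return f"lookalike of {legit}"
    return None


def triage(log_text: str) -> Findings:
    """Walk the log line by line, remembering which registry key is open."""
    found = Findings()
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
        elif line == "@Denied: (Full) (Everyone)" and "\\CLSID\\" in current_key.upper():
            found.locked_clsids.append(current_key)      # malware-locked COM key
        elif current_key.lower().endswith("firewallpolicy\\standardprofile"):
            if line.startswith('"EnableFirewall"=') and line.split("=", 1)[1].strip().startswith("0"):
                found.firewall_disabled = True
        elif current_key.endswith("\\CurrentVersion\\Run"):
            value = RUN_VALUE_RE.match(line)
            reason = run_entry_concern(value.group(2)) if value else None
            if reason:
                found.suspicious_run_entries.append((value.group(1), value.group(2), reason))
    return found


def cfscript_reglockdel(found: Findings) -> str:
    """Render the REGLOCKDEL:: block in the form used in post #6."""
    return "REGLOCKDEL::\n" + "\n".join(f"[{key}]" for key in found.locked_clsids)
```

Run `triage(SAMPLE_LOG)` on the excerpt and the two locked CLSID keys, the disabled firewall and the scvhost lookalike come back as findings, while the benign StartCCC entry does not.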
 

#7 Muzammil (New Member, Authentic Member, 14 posts)

Posted 20 October 2009 - 10:46 AM

Hello Tomk,
During the execution of that script it asked me whether to update CF or not, so I clicked yes. I hope that doesn't cause any problems in the outcome!

Here is the log:


ComboFix 09-10-19.04 - Administrator 10/20/2009 6:35.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.2781 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
.

2009-10-19 15:02 . 2009-10-19 15:02 -------- d-----w- c:\program files\MSECache
2009-10-19 14:05 . 2009-10-19 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-19 14:05 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 14:05 . 2009-10-19 14:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 14:05 . 2009-10-19 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 14:05 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 10:49 . 2009-10-19 10:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-10-19 10:47 . 2009-10-19 10:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 11:08 . 2009-10-18 11:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-18 11:01 . 2009-10-18 11:01 -------- d-----w- c:\windows\system32\scripting
2009-10-18 11:01 . 2009-10-18 11:01 -------- d-----w- c:\windows\system32\en
2009-10-18 11:01 . 2009-10-18 11:01 -------- d-----w- c:\windows\l2schemas
2009-10-18 11:01 . 2009-10-18 11:01 -------- d-----w- c:\windows\system32\bits
2009-10-17 16:32 . 2007-04-12 21:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2009-10-17 16:13 . 2009-10-19 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-17 16:13 . 2009-10-19 14:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-17 14:50 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\spupdwxp.exe
2009-10-17 14:49 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-10-17 13:38 . 2009-10-17 13:38 -------- d-----w- c:\program files\mkv2vob
2009-10-17 13:38 . 2009-10-17 13:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 13:36 . 2009-10-17 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2009-10-17 13:36 . 2009-10-17 13:36 -------- d-----w- c:\program files\Orb Networks
2009-10-15 15:02 . 2009-10-15 15:02 -------- d--h--w- c:\windows\PIF
2009-10-15 15:01 . 2009-10-15 15:01 -------- d-----w- c:\program files\ERUNT
2009-10-15 14:57 . 2009-10-16 06:53 -------- d-----w- C:\$AVG
2009-10-15 14:57 . 2009-10-20 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-15 14:57 . 2009-10-15 14:57 -------- d-----w- c:\program files\AVG
2009-10-15 14:56 . 2009-10-15 16:02 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-15 14:46 . 2008-11-06 09:03 -------- d-----w- C:\SDFix
2009-10-15 12:12 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-15 12:12 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-15 12:12 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-15 11:44 . 2009-10-15 12:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-10-15 11:44 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-15 11:44 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-15 11:44 . 2009-10-15 11:44 -------- d-----w- c:\program files\iPod
2009-10-15 11:44 . 2009-10-15 11:44 -------- d-----w- c:\program files\iTunes
2009-10-15 11:44 . 2009-10-15 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-15 11:43 . 2009-10-15 11:43 -------- d-----w- c:\program files\Bonjour
2009-10-15 11:43 . 2009-10-15 11:43 -------- d-----w- c:\program files\QuickTime
2009-10-15 11:43 . 2009-10-15 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-15 11:43 . 2009-10-15 11:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2009-10-15 11:43 . 2009-10-15 11:43 -------- d-----w- c:\program files\Apple Software Update
2009-10-15 11:42 . 2009-10-15 11:44 -------- d-----w- c:\program files\Common Files\Apple
2009-10-15 11:42 . 2009-10-15 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-15 09:51 . 2009-10-15 09:53 -------- dc----w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-10-15 09:51 . 2009-10-16 04:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\uniblue
2009-10-15 09:47 . 2009-10-15 09:53 -------- d-----w- c:\program files\Uniblue
2009-10-15 09:46 . 2009-10-15 09:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-10-15 04:15 . 2009-10-15 04:25 -------- d-----w- c:\documents and settings\Administrator\Phone Browser
2009-10-15 04:11 . 2009-10-15 04:11 -------- d-----w- c:\windows\Downloaded Installations
2009-10-14 17:01 . 2009-10-14 17:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Samsung
2009-10-14 17:00 . 2006-05-04 05:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-10-14 17:00 . 2009-10-14 17:00 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-10-14 17:00 . 2009-10-14 17:36 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-10-14 16:59 . 2009-10-14 16:59 -------- d-----w- c:\program files\Samsung
2009-10-14 14:49 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-14 14:48 . 2009-10-14 14:48 -------- d-----w- C:\divx
2009-10-14 14:44 . 2009-10-14 14:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-10-14 09:52 . 2009-10-15 12:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-10-13 08:10 . 2009-10-13 08:10 -------- d-----w- c:\windows\Sun
2009-10-13 03:07 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-13 03:07 . 2008-10-16 21:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-12 15:06 . 2009-10-12 15:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-10-12 12:33 . 2009-10-17 15:59 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-10-12 12:19 . 2009-10-12 12:19 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-12 12:19 . 2009-08-06 05:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-10-12 12:18 . 2009-10-12 12:18 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-12 12:17 . 2009-10-12 12:19 -------- d-----w- c:\program files\Microsoft
2009-10-12 12:17 . 2009-10-12 12:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-12 12:17 . 2009-10-12 12:19 -------- d-----w- c:\program files\Windows Live
2009-10-12 12:10 . 2009-10-12 12:10 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-12 10:22 . 2009-10-12 10:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-10-12 09:33 . 2009-10-12 09:33 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-12 09:29 . 2009-10-12 09:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-12 09:28 . 2009-10-12 09:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-12 09:26 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-12 09:26 . 2009-10-12 09:26 -------- d-----w- c:\windows\ie8updates
2009-10-12 09:26 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-12 09:26 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-12 09:26 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-12 09:26 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-12 09:26 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-12 09:26 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-12 09:25 . 2009-10-12 09:26 -------- dc-h--w- c:\windows\ie8
2009-10-12 08:12 . 2009-10-12 08:12 -------- d-----w- c:\documents and settings\Administrator\Contacts
2009-10-12 02:31 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-12 02:30 . 2009-10-18 10:59 -------- d-----w- c:\windows\ServicePackFiles
2009-10-11 20:18 . 2009-10-11 20:18 -------- d-----w- c:\windows\system32\LogFiles
2009-10-11 18:26 . 2009-10-11 18:26 -------- d-----w- c:\windows\Performance
2009-10-11 18:24 . 2009-10-11 18:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
2009-10-11 18:24 . 2009-10-11 18:24 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-11 17:49 . 2009-10-11 17:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-10-11 16:43 . 2009-10-11 16:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 16:43 . 2009-10-11 16:54 -------- d-----w- c:\program files\Java
2009-10-11 16:40 . 2009-10-11 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-10-11 16:34 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-10-11 16:32 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-10-11 16:32 . 2009-10-12 07:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-10-11 16:32 . 2009-10-11 16:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-10-11 16:32 . 2009-10-11 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-11 16:31 . 2009-10-17 14:52 -------- d-----w- c:\program files\Common Files\Nokia
2009-10-11 16:31 . 2009-10-11 16:31 -------- d-----w- c:\program files\DIFX
2009-10-11 16:31 . 2008-08-26 17:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-11 16:31 . 2009-10-11 16:31 -------- d-----w- c:\program files\PC Connectivity Solution
2009-10-11 16:31 . 2009-02-09 15:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-10-11 16:31 . 2009-02-09 15:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-10-11 16:31 . 2009-02-09 15:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-10-11 16:31 . 2009-02-09 15:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-10-11 16:31 . 2009-02-09 15:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-10-11 16:31 . 2009-02-09 15:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-11 16:31 . 2009-02-09 15:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-11 16:31 . 2009-10-17 14:52 -------- d-----w- c:\program files\Nokia
2009-10-11 16:30 . 2009-10-11 16:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo!
2009-10-11 16:30 . 2009-10-11 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-10-11 16:17 . 2009-10-11 16:44 -------- d-----w- c:\program files\PS3 Media Server
2009-10-11 11:39 . 2009-10-20 13:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2009-10-11 11:39 . 2009-10-11 11:39 -------- d-----w- c:\program files\BitTorrent
2009-10-11 11:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-11 11:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-11 11:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-11 11:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-11 11:35 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-11 11:35 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-11 11:35 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 13:35 . 2009-01-11 08:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-10-20 12:05 . 2006-01-01 12:35 23104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 14:42 . 2009-10-14 14:43 -------- d-----w- c:\program files\DivX
2009-10-15 04:11 . 2006-01-01 12:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-15 04:07 . 2009-01-11 08:36 -------- d-----w- c:\program files\Internet Download Manager
2009-10-14 16:59 . 2006-01-01 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 14:49 . 2006-01-01 13:44 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-14 14:43 . 2009-10-14 14:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-11 16:32 . 2009-10-11 16:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-11 16:32 . 2009-10-11 16:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-11 14:18 . 2004-08-04 00:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 10:43 . 2009-09-16 12:26 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-09-04 21:03 . 2004-08-04 00:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 00:56 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 00:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2004-08-04 00:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:52 . 2009-08-05 02:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2004-08-03 23:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2001-08-23 14:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-07-26 23:44 . 2009-07-26 23:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2006-01-01 133104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-06-23 2815408]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2009-09-29 653104]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-10-27 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Orb"="c:\program files\Orb Networks\Orb\bin\OrbLauncher.exe" [2009-10-07 573904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbLauncher.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbSetupWizard.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbControlPanel.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/12/2009 5:19 AM 54752]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-926492609-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2006-01-01 08:30]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-926492609-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2006-01-01 08:30]

2009-10-20 c:\windows\Tasks\Orb Index when idle.job
- c:\program files\Orb Networks\Orb\bin\OrbLauncher.exe [2009-10-07 23:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 06:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\ADMINI~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-926492609-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\sxs.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-10-20 6:37
ComboFix-quarantined-files.txt 2009-10-20 13:37
ComboFix2.txt 2009-10-20 12:11

Pre-Run: 71,726,948,352 bytes free
Post-Run: 71,693,758,464 bytes free

- - End Of File - - 58B2D2DA3CD88725DA3D41E2432BF3CC

#8 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 20 October 2009 - 10:48 AM

Muzammil, you did perfectly. How are things running now?

#9 Muzammil (New Member, Authentic Member, 14 posts)

Posted 20 October 2009 - 11:27 AM

Hello again. The computer is still doing the same, but there is another issue now! :( The folders are loading up fine, but the names are still not there, and sometimes it shows me an error saying "Windows Explorer has encountered a problem" (I lost the actual text), but it happens twice or thrice daily. One more thing: yesterday I scanned my computer with AVG 9.0 Free and it quarantined 504 files. I deleted them because they were all New Folder.exe or some other folder.exe. Thank you for your time! Muzammil Ahmed.

#10 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 20 October 2009 - 11:36 AM

Muzammil,

Please look at the ComboFix logs you provided. Specifically, look under the section:

((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))


Do you see any of the "strange folders" listed there?

If not, can you give me a few specific examples of these folders?


#11 Muzammil (New Member, Authentic Member, 14 posts)

Posted 20 October 2009 - 11:44 AM

Hello, I can't see any folder in that section. The folders were not actually folders; for example, if I have a folder named "e:\Pics\" and I navigated to it, there was a file Pics.exe, and if there was a subfolder xyz and I navigated to that folder, it would have xyz.exe. Fortunately that has stopped! ^_^ :D The explorer.exe error has occurred once more and I captured a screenshot! You can see the folders behind have no titles or names!

Attached thumbnail: error.jpg
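
As an added example (editor's code, not part of this thread and not ComboFix or DDS code): a small Python triage script for the check Tomk asks for in post #10 and the symptom Muzammil describes in post #11. It parses the "Files Created" section of a ComboFix log using the line layout of the log posted above, flags any executable named after the folder that contains it (the Pics\Pics.exe and xyz\xyz.exe pattern), flags executables carrying the hidden or system attribute, and reports whether the log's EnableFirewall value is 0. SAMPLE_LOG is constructed: its two Malwarebytes lines are copied from the posted log, while the e:\Pics entries are hypothetical, modelled on the description and not taken from any real log.

```python
"""Triage a ComboFix log for folder-mimic executables and a disabled firewall.

Editor's added example; not part of the thread above and not ComboFix code.
Line layout follows the 'Files Created' section of the posted log:
    <created> . <modified> <size|--------> <attrs> <path>
where <attrs> is an 8-character field such as d-----w- (directory) or
----a-w- (archive file); 's' and 'h' in it mean system and hidden.
"""
import re
from typing import Dict, List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# The firewall policy line as ComboFix prints it: "EnableFirewall"= 0 (0x0)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.IGNORECASE)

SECTION_START = "Files Created from"
SECTION_END = "Find3M Report"

# Constructed sample. The two Malwarebytes lines are copied from the posted log;
# the e:\Pics entries are hypothetical, modelled on the symptom described in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
.
2009-10-19 14:05 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 14:05 . 2009-10-19 14:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 09:10 . 2009-10-16 09:10 172032 --sha-w- e:\Pics\Pics.exe
2009-10-16 09:10 . 2009-10-16 09:10 172032 --sha-w- e:\Pics\xyz\xyz.exe
2009-10-16 09:11 . 2009-10-16 09:11 172032 ----a-w- e:\Pics\New Folder\New Folder.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-09-11 14:18 . 2004-08-04 00:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def parse_files_created(log_text: str) -> List[Dict[str, str]]:
    """Return the entries between the 'Files Created' banner and the Find3M banner."""
    entries: List[Dict[str, str]] = []
    in_section = False
    for line in log_text.splitlines():
        if SECTION_START in line:
            in_section = True
            continue
        if SECTION_END in line:
            break
        if in_section:
            m = ENTRY_RE.match(line.strip())
            if m:
                entries.append(m.groupdict())
    return entries


def is_folder_mimic(path: str) -> bool:
    """True for <dir>\\<name>\\<name>.exe, i.e. an executable named after its parent folder."""
    parts = path.rstrip("\\").split("\\")
    if len(parts) < 2:
        return False
    leaf, parent = parts[-1].lower(), parts[-2].lower()
    return leaf.endswith(".exe") and leaf[:-4] == parent


def firewall_enabled(log_text: str) -> Optional[bool]:
    """False if the log shows EnableFirewall = 0, True for any other value, None if absent."""
    for line in log_text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m:
            return m.group(1) != "0"
    return None


def triage(log_text: str) -> Dict[str, object]:
    """Flag mimic and hidden/system executables; directory entries (attrs starting with 'd') are skipped."""
    flagged: List[Tuple[str, List[str]]] = []
    for entry in parse_files_created(log_text):
        attrs, path = entry["attrs"], entry["path"]
        if attrs.startswith("d"):
            continue
        reasons = []
        if is_folder_mimic(path):
            reasons.append("executable named after its parent folder")
        if path.lower().endswith(".exe") and ("s" in attrs or "h" in attrs):
            reasons.append("hidden/system executable")
        if reasons:
            flagged.append((path, reasons))
    return {"flagged": flagged, "firewall_enabled": firewall_enabled(log_text)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, reasons in report["flagged"]:
        print(f"{path}: {', '.join(reasons)}")
    print("Windows Firewall enabled:", report["firewall_enabled"])
```

Run against the real log above, the mimic check returns nothing (which matches Muzammil's own reading of the section), while the firewall check reports EnableFirewall = 0 from the Reg Loading Points section. Only the first date range ComboFix prints is parsed; an E: drive that the tool did not list will not appear, so a clean result here is not proof the disk is clean.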


#12 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 20 October 2009 - 12:22 PM

Muzammil,

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.


#13 Muzammil (New Member, Authentic Member, 14 posts)

Posted 20 October 2009 - 01:05 PM

Hello! I ran DDS and here are the requested logs.

DDS (Ver_09-10-13.01) - NTFSx86
Run by Administrator at 8:56:58.12 on Tue 10/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.2791 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Orb Networks\Orb\bin\OrbLauncher.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Desktop\dds (1).scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Orb] "c:\program files\orb networks\orb\bin\OrbLauncher.exe" /background
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-12 54752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-10-20 05:09 <DIR> a-dshr-- C:\cmdcons
2009-10-20 05:08 236,544 a------- c:\windows\PEV.exe
2009-10-20 05:08 161,792 a------- c:\windows\SWREG.exe
2009-10-20 05:08 98,816 a------- c:\windows\sed.exe
2009-10-19 08:02 <DIR> --d----- c:\program files\MSECache
2009-10-19 07:05 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-10-19 07:05 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 07:05 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-19 07:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 07:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-18 04:01 <DIR> --d----- c:\windows\system32\scripting
2009-10-18 04:01 <DIR> --d----- c:\windows\system32\en
2009-10-18 04:01 <DIR> --d----- c:\windows\l2schemas
2009-10-18 04:01 <DIR> --d----- c:\windows\system32\bits
2009-10-18 03:58 <DIR> --d----- c:\windows\network diagnostic
2009-10-17 09:32 129,024 a------- c:\windows\system32\AVERM.dll
2009-10-17 09:13 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-17 09:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-17 07:50 20,992 -------- c:\windows\system32\spupdwxp.exe
2009-10-17 07:49 290,816 -c------ c:\windows\system32\dllcache\l3codeca.acm
2009-10-17 06:38 <DIR> --d----- c:\program files\mkv2vob
2009-10-17 06:38 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-17 06:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OrbNetworks
2009-10-17 06:36 <DIR> --d----- c:\program files\Orb Networks
2009-10-15 08:02 <DIR> --d-h--- c:\windows\PIF
2009-10-15 07:57 <DIR> --d----- C:\$AVG
2009-10-15 07:57 <DIR> --d----- c:\program files\AVG
2009-10-15 07:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-10-15 07:56 <DIR> --d----- c:\windows\SxsCaPendDel
2009-10-15 07:46 <DIR> --d----- C:\SDFix
2009-10-15 05:12 159,232 a------- c:\windows\system32\ptpusd.dll
2009-10-15 05:12 5,632 a------- c:\windows\system32\ptpusb.dll
2009-10-15 05:12 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-10-15 04:44 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-10-15 04:44 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-15 04:44 <DIR> --d----- c:\program files\iPod
2009-10-15 04:44 <DIR> --d----- c:\program files\iTunes
2009-10-15 04:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-15 04:43 <DIR> --d----- c:\program files\Bonjour
2009-10-15 02:51 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-10-15 02:51 <DIR> --d----- c:\docume~1\admini~1\applic~1\uniblue
2009-10-15 02:47 <DIR> --d----- c:\program files\Uniblue
2009-10-15 02:46 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-10-14 21:15 <DIR> --d----- c:\documents and settings\administrator\Phone Browser
2009-10-14 21:11 <DIR> --d----- c:\windows\Downloaded Installations
2009-10-14 10:01 <DIR> --d----- c:\docume~1\admini~1\applic~1\Samsung
2009-10-14 10:00 174,592 a------- c:\windows\system32\framedyn.dll
2009-10-14 10:00 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-10-14 10:00 766 a------- c:\windows\system32\Uninstall.ico
2009-10-14 10:00 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-10-14 09:59 <DIR> --d----- c:\program files\Samsung
2009-10-14 07:49 178,176 a------- c:\windows\system32\unrar.dll
2009-10-14 07:48 <DIR> --d----- C:\divx
2009-10-14 07:43 <DIR> --d----- c:\program files\DivX
2009-10-14 07:43 <DIR> --d----- c:\program files\common files\DivX Shared
2009-10-14 06:55 3,255 a------- c:\windows\system32\wbem\Outlook_01ca4cd60ddfe12e.mof
2009-10-12 20:07 268,648 a------- c:\windows\system32\mucltui.dll
2009-10-12 20:07 208,744 a------- c:\windows\system32\muweb.dll
2009-10-12 20:07 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-10-12 08:06 5,120 a--sh--- c:\windows\system32\Thumbs.db
2009-10-12 08:06 7,680 a--sh--- c:\windows\Thumbs.db
2009-10-12 05:33 <DIR> --d----- c:\documents and settings\administrator\Tracing
2009-10-12 05:19 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-10-12 05:19 54,752 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-10-12 05:17 <DIR> --d----- c:\program files\Microsoft
2009-10-12 05:17 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-10-12 05:10 <DIR> --d----- c:\program files\common files\Windows Live
2009-10-12 02:33 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE
2009-10-12 02:28 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache
2009-10-12 02:26 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-10-12 02:26 <DIR> --d----- c:\windows\ie8updates
2009-10-12 02:26 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-10-12 02:26 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-10-12 02:26 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-10-12 02:26 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-10-12 02:26 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-12 02:26 11,069,440 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-10-12 02:25 <DIR> -cd-h--- c:\windows\ie8
2009-10-12 01:12 <DIR> --d----- c:\documents and settings\administrator\Contacts
2009-10-11 13:18 <DIR> --d----- c:\windows\system32\LogFiles
2009-10-11 11:26 <DIR> --d----- c:\windows\Performance
2009-10-11 11:24 <DIR> --d----- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-11 10:49 69 a------- c:\windows\NeroDigital.ini
2009-10-11 09:43 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-11 09:43 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-11 09:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2009-10-11 09:34 26,112 a------- c:\windows\system32\drivers\usbser.sys
2009-10-11 09:32 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-11 09:32 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-11 09:32 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-10-11 09:31 <DIR> --d----- c:\program files\common files\Nokia
2009-10-11 09:31 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-11 09:31 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-10-11 09:31 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-10-11 09:31 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-10-11 09:31 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-10-11 09:31 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-11 09:31 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-10-11 09:31 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-10-11 09:31 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-10-11 09:31 <DIR> --d----- c:\program files\Nokia
2009-10-11 09:17 <DIR> --d----- c:\program files\PS3 Media Server
2009-10-11 04:39 <DIR> --d----- c:\docume~1\admini~1\applic~1\BitTorrent
2009-10-11 04:39 <DIR> --d----- c:\program files\BitTorrent
2009-10-11 04:35 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-10-11 04:35 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-10-11 04:35 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-10-11 04:35 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-10-11 04:35 730,112 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-10-11 04:35 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-10-11 04:35 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-10-11 04:35 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-11 04:35 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-10-11 04:35 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-11 04:35 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-11 04:35 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-11 04:17 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-10-11 04:13 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-10-11 04:13 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-10-11 03:58 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-10-11 03:31 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-10-11 03:30 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-10-11 03:29 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-10-11 03:27 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-10-11 03:13 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-10-11 03:04 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-10-11 03:04 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-10-11 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-10-11 03:00 <DIR> --d-h--- c:\windows\$hf_mig$

==================== Find3M ====================

2009-10-18 04:03 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-09 03:43 210,352 a------- c:\windows\system32\idmmbc.dll
2009-09-04 14:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 01:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-26 01:00
247,326 a------- c:\windows\system32\strmdll.dll 2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL 2009-08-04 08:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe 2009-08-04 07:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe 2009-07-28 21:37 119,808 a------- c:\windows\system32\t2embed.dll 2009-07-28 21:37 81,920 -------- c:\windows\system32\fontsub.dll 2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll ============= FINISH: 8:57:18.98 ===============

Attached Files



#14 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 20 October 2009 - 07:04 PM

Muzammil,

JavaRa ...by: Paul McLain and Fred de Vries

Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
  • Copy and paste the contents of the JavaRa log in your next reply.


About your screen shot. Is this only happening on the E: drive or does it happen on all 4 drives?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#15 Muzammil

Muzammil

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 20 October 2009 - 11:32 PM

Hello TomK,
The folders are like that in all the drives. While searching through the web I came across http://www.tomshardw...mbnail-pictures; it might solve it.
Should I go for it? And here is the requested log,

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Oct 20 19:23:07 2009

Found and removed: C:\Program Files\Java\jre1.6.0_10

Found and removed: C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_10

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.
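The JavaRa log above is plain text with one "Found and removed:" line per item. As an added example (not from the thread, and not JavaRa's own code), the Python below parses that format, separates removed files from registry keys, and decodes the JRE version encoded in the Java Plug-in CAFEEFAC CLSIDs, so you can see which old Java families still had registrations; the embedded log is a constructed three-entry excerpt, and the CLSID version mapping is my reading of the Java Plug-in scheme.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the JavaRa 1.15 log format posted above
# (three representative entries, not the whole log).
SAMPLE_LOG = r"""JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Oct 20 19:23:07 2009
Found and removed: C:\Program Files\Java\jre1.6.0_10
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
------------------------------------
Finished reporting.
"""

# Java Plug-in registers a CLSID per JRE release; the three middle groups hold
# major, minor and update number, so 0013-0001-0010 is JRE 1.3.1_10
# (assumed mapping, based on the documented CAFEEFAC scheme).
CLSID_RE = re.compile(r"\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCB[AB]\}", re.I)
FILE_RE = re.compile(r"^[A-Za-z]:\\")            # drive-letter path => file system
VER_RE = re.compile(r"(\d+\.\d+\.\d+_\d+)")     # e.g. 1.6.0_10 in a path or key

@dataclass
class Entry:
    item: str
    kind: str                 # "file", "clsid" or "registry"
    version: Optional[str]    # JRE version the entry belongs to, if recoverable

def classify(item: str) -> Entry:
    m = CLSID_RE.search(item)
    if m:
        major, minor, update = (int(g) for g in m.groups())
        return Entry(item, "clsid", f"{major // 10}.{major % 10}.{minor}_{update:02d}")
    kind = "file" if FILE_RE.match(item) else "registry"
    v = VER_RE.search(item)
    return Entry(item, kind, v.group(1) if v else None)

def parse_log(text: str) -> List[Entry]:
    prefix = "Found and removed: "
    return [classify(line[len(prefix):].strip())
            for line in text.splitlines() if line.startswith(prefix)]

def leftover_families(entries: List[Entry]) -> Dict[str, int]:
    """Count removed items per JRE family (e.g. '1.3'); families long since
    superseded that still had registrations are the stale installs JavaRa targets."""
    counts: Dict[str, int] = {}
    for e in entries:
        if e.version:
            fam = ".".join(e.version.split(".")[:2])
            counts[fam] = counts.get(fam, 0) + 1
    return counts
```

Run against the full log pasted in the thread, it shows that the only JRE actually installed was 1.6.0_10 while the registry still carried CLSIDs for the 1.3.x family.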
