Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


rundll32.exe hijacking my PC

Post by brettule » April 1st, 2011, 5:41 pm

Hi all, when my PC boots there is a rundll32.exe process which kicks off and performs a bunch of nasty things like disabling Windows security and hijacking IE, sending me to nasty websites. None of my AV software (Symantec Endpoint, Malwarebytes, Spybot S&D) detects any problems with my PC. How do I clean this one from my PC?

Logs as follows:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 8:26:29.60 on Sat 02/04/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3582.2771 [GMT 11:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\vuze.lnk - c:\program files\vuze\Azureus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: LocalAccountTokenFilterPolicy = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-25 218688]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-27 176128]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-27 238592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-21 102448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-23 1343400]
.
=============== Created Last 30 ================
.
2011-03-30 07:54:22 3404136 ----a-w- c:\windows\system32\procexp.exe
2011-03-28 04:44:35 -------- d-----w- c:\users\admini~1\appdata\roaming\LucasArts
2011-03-28 02:08:14 388096 ----a-r- c:\users\admini~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-28 02:08:14 -------- d-----w- c:\program files\Trend Micro
2011-03-28 02:05:55 -------- d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2011-03-28 00:10:54 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2011-03-28 00:10:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 00:10:50 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-28 00:10:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-28 00:10:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-27 21:33:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-27 21:33:51 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-25 05:44:17 99840 --sha-r- c:\windows\system32\NcdPropi.dll
2011-03-20 23:19:35 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-20 23:19:33 -------- d-----w- c:\users\admini~1\appdata\roaming\PunkBuster
2011-03-17 00:08:14 -------- d-----w- c:\windows\icons
2011-03-10 09:02:57 -------- d-----w- c:\users\admini~1\appdata\local\Turbine
2011-03-10 09:02:52 -------- d-----w- c:\users\admini~1\appdata\local\ApplicationHistory
2011-03-10 08:38:12 -------- d-----w- c:\windows\system32\URTTEMP
2011-03-09 09:05:17 -------- d-----w- c:\users\admini~1\appdata\roaming\WinEdt Team
2011-03-09 09:02:09 -------- d-----w- c:\program files\WinEdt Team
2011-03-09 03:44:17 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 03:44:17 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 03:44:17 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 03:44:14 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 03:44:14 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 03:44:14 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 03:44:14 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-07 11:04:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2011-02-21 04:41:41 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-26 23:00:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 22:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:55:54 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 22:53:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 22:53:34 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 22:32:12 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 22:28:52 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 22:27:50 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 22:27:40 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 22:25:50 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 22:20:44 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14:06 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:13:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13:42 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 22:12:40 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-17 05:47:13 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-07 07:46:34 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:46:34 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:45:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:55:55 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:51:01 2330624 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 8:27:02.58 ===============
brettule
Active Member
 
Posts: 3
Joined: April 1st, 2011, 5:31 pm
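As an added example that is not part of this thread or of any tool the helpers use: a small Python triage pass over lines in the shape of the DDS log above, flagging the three things a helper usually looks at first in such a log (a recently created file in a Windows directory carrying system+hidden attributes, UAC policy values set weaker than the Windows 7 defaults, and startup or toolbar entries that point at nothing). The sample lines are constructed to match the shape of the posted log, and the regexes, flag-letter meanings and default values are my assumptions about the DDS format and Windows 7, not something the thread states.

```python
"""First-pass triage of a DDS log excerpt (added example, not a MalwareRemoval.com tool)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample: a few lines shaped like the DDS output posted in the thread.
SAMPLE_DDS = """\
2011-03-30 07:54:22 3404136 ----a-w- c:\\windows\\system32\\procexp.exe
2011-03-28 02:08:14 -------- d-----w- c:\\program files\\Trend Micro
2011-03-28 00:10:50 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2011-03-25 05:44:17 99840 --sha-r- c:\\windows\\system32\\NcdPropi.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AdobeBridge]
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: LocalAccountTokenFilterPolicy = 1 (0x1)
"""

# DDS file line: <date> <time> <size, or dashes for a directory> <8 flag chars> <path>
# Flag letters (assumed): d directory, s system, h hidden, a archive, r read-only, w writable.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) ([a-z-]{8}) (.+)$")
# DDS policy line for HKLM\...\Policies\System values.
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+) \(0x[0-9a-fA-F]+\)$")
# Toolbar/BHO/Run entries whose target is gone, or Run entries with no command at all.
ORPHAN_RE = re.compile(r"^(TB|BHO|uRun|mRun): .*(No File|File not found)$"
                       r"|^(uRun|mRun): \[[^\]]+\]$")

# Windows 7 defaults for the UAC values DDS reports (assumed from Windows documentation).
UAC_DEFAULTS: Dict[str, object] = {
    "ConsentPromptBehaviorAdmin": 5,   # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,    # prompt for credentials
    "PromptOnSecureDesktop": 1,        # elevation prompt shown on the secure desktop
    "EnableLUA": 1,                    # UAC enabled
    "LocalAccountTokenFilterPolicy": "not set",  # absent by default; 1 turns off remote UAC filtering
}
# Predicates: value -> True when the setting is weaker than the default above.
WEAKENING: Dict[str, Callable[[int], bool]] = {
    "ConsentPromptBehaviorAdmin": lambda v: v == 0,   # 0 = elevate silently, no prompt
    "PromptOnSecureDesktop": lambda v: v == 0,
    "EnableLUA": lambda v: v == 0,
    "LocalAccountTokenFilterPolicy": lambda v: v == 1,
}


@dataclass
class Finding:
    kind: str   # "hidden-system-file", "uac-weakened" or "orphan-entry"
    line: str   # the DDS line that triggered it
    note: str   # what a helper would want to know about it


def triage_dds(text: str) -> List[Finding]:
    """Walk DDS lines and return the entries worth a closer look, in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            _date, _time, size, flags, path = m.groups()
            is_dir = "d" in flags or size.startswith("-")
            in_windows_dir = "\\windows\\" in path.lower()
            if not is_dir and in_windows_dir and "s" in flags and "h" in flags:
                findings.append(Finding(
                    "hidden-system-file", line,
                    "recently created file under \\Windows carries system+hidden attributes; "
                    "updates rarely drop files this way, so verify its signature and hash"))
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            check = WEAKENING.get(name)
            if check and check(value):
                findings.append(Finding(
                    "uac-weakened", line,
                    f"{name}={value} is weaker than the Windows 7 default "
                    f"({UAC_DEFAULTS.get(name, 'not set')}); with silent elevation a hijacked "
                    "process can change protected settings without any prompt"))
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding(
                "orphan-entry", line,
                "startup/toolbar entry whose target is missing; harmless, but it is normally "
                "cleaned up so it cannot be reused"))
    return findings


def count_by_kind(findings: List[Finding]) -> Dict[str, int]:
    """Summary used for a quick glance before reading each finding."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.kind}] {f.line}\n    {f.note}")
    print(count_by_kind(triage_dds(SAMPLE_DDS)))
```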

Re: rundll32.exe hijacking my PC

Post by askey127 » April 5th, 2011, 8:27 am

Hi brettule,
Set System restore on C: drive
Open System in the Control panel, and click the System protection link in the left pane.
Enable System protection for the C: System Drive. If you click Configure Settings, click the Restore System Settings button, and set 3% for Drive space. That should be enough.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program Vuze in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Limewire, Vuze, Shareaza, Bitlord.
(Limewire has just been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Vuze

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    If you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies.

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: rundll32.exe hijacking my PC

Post by brettule » April 5th, 2011, 7:19 pm

Done as asked.
brettule
Active Member
 
Posts: 3
Joined: April 1st, 2011, 5:31 pm

Re: rundll32.exe hijacking my PC

Post by askey127 » April 6th, 2011, 6:04 am

This is a teaching site, so we prefer all logs to be posted intact, and not as downloads or zip files. This provides the clearest examples.
Thanks.

I am taking the liberty of posting the logs here.

OTL logfile created on: 6/04/2011 9:10:27 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 40.96 Gb Free Space | 17.59% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 45.54 Gb Free Space | 4.89% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 252.73 Gb Free Space | 54.26% Space Free | Partition Type: NTFS

Computer Name: UK-ANARCHIST | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 09:02:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/01/27 08:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/27 08:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/11/21 07:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/21 07:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/03 00:13:42 | 000,470,544 | ---- | M] () -- C:\Program Files\Core Temp\Core Temp.exe
PRC - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 17:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/14 11:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/08 19:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/05/21 07:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


========== Modules (SafeList) ==========

MOD - [2011/04/06 09:02:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/11/21 07:29:06 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 11:15:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/27 08:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 16:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
DRV - [2011/03/30 18:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110404.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/30 18:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110404.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/02/25 09:24:38 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/21 15:08:17 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/02/15 09:33:34 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/02/15 09:33:34 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/27 09:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/01/27 09:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/27 08:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/21 07:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/21 07:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/21 07:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/21 07:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/21 07:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/21 07:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/21 07:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/21 07:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/17 22:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2009/09/17 17:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 17:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/08/26 10:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 19:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 19:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 19:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2009/05/27 13:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2005/04/05 16:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3236040477-2822557022-1576239767-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
IE - HKU\S-1-5-21-3236040477-2822557022-1576239767-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-3236040477-2822557022-1576239767-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-3236040477-2822557022-1576239767-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 D6 B2 57 89 D1 CB 01 [binary data]
IE - HKU\S-1-5-21-3236040477-2822557022-1576239767-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKU\S-1-5-21-3236040477-2822557022-1576239767-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3236040477-2822557022-1576239767-500..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O7 - HKU\S-1-5-21-3236040477-2822557022-1576239767-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.254.254.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7a8cdd6c-3fa0-11e0-97a0-000476f87644}\Shell - "" = AutoRun
O33 - MountPoints2\{7a8cdd6c-3fa0-11e0-97a0-000476f87644}\Shell\AutoRun\command - "" = M:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/06 09:02:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/04/05 19:18:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/04/02 17:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/04/02 17:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/03/30 17:54:22 | 003,404,136 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\procexp.exe
[2011/03/28 14:44:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\LucasArts
[2011/03/28 14:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2011/03/28 12:39:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Homefront
[2011/03/28 12:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/28 12:08:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/03/28 10:10:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/03/28 10:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/28 10:10:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/28 10:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/28 10:10:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/28 10:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/28 07:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/28 07:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/28 07:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/21 11:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011/03/21 09:19:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PunkBuster
[2011/03/21 09:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/03/21 09:11:50 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/03/17 10:08:14 | 000,000,000 | ---D | C] -- C:\Windows\icons
[2011/03/10 19:02:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Turbine
[2011/03/10 19:02:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ApplicationHistory
[2011/03/10 18:38:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2011/03/09 19:05:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinEdt Team
[2011/03/09 19:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinEdt 6
[2011/03/09 19:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinEdt Team
[2011/03/09 19:01:34 | 007,647,939 | ---- | C] (WinEdt Team) -- C:\Users\Administrator\Desktop\winedt60.exe
[2011/03/09 13:44:17 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/09 13:44:17 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/09 13:44:14 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 13:44:14 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/03/09 13:44:14 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 13:44:14 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/08 19:15:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Ex_Files_PSCS5_Photog
[2011/03/07 21:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/03/07 21:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/07 21:04:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/07 21:04:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/07 21:04:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/07 21:04:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/07 21:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/07 21:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/06 09:10:42 | 000,668,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/06 09:10:42 | 000,126,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/06 09:03:42 | 000,000,328 | -HS- | M] () -- C:\Windows\tasks\dzwhbaxdts.job
[2011/04/06 09:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/06 09:03:28 | 2817,380,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/06 09:02:42 | 000,022,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 09:02:42 | 000,022,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 09:02:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/04/05 19:19:24 | 000,000,693 | ---- | M] () -- C:\Users\Administrator\Desktop\Teamspeak 2 RC2.lnk
[2011/03/28 12:08:14 | 000,002,999 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2011/03/25 15:44:17 | 000,099,840 | RHS- | M] () -- C:\Windows\System32\NcdPropi.dll
[2011/03/14 11:52:36 | 003,404,136 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\procexp.exe
[2011/03/10 19:03:02 | 000,000,101 | ---- | M] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011/03/09 19:01:34 | 007,647,939 | ---- | M] (WinEdt Team) -- C:\Users\Administrator\Desktop\winedt60.exe
[2011/03/08 07:09:43 | 003,622,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/07 21:04:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/07 21:04:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/07 21:04:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/07 21:04:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/28 12:08:14 | 000,002,999 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2011/03/25 15:44:17 | 000,099,840 | RHS- | C] () -- C:\Windows\System32\NcdPropi.dll
[2011/03/25 15:44:17 | 000,000,328 | -HS- | C] () -- C:\Windows\tasks\dzwhbaxdts.job
[2011/03/21 09:19:35 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/03/10 19:03:02 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011/03/09 19:02:21 | 000,001,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinEdt 6
[2011/02/21 17:27:07 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL
[2011/02/21 16:26:42 | 000,007,607 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2011/02/21 14:41:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/21 12:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/18 02:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/11/21 07:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/10/14 00:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 003,622,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,668,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,126,482 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/21 21:47:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\calibre
[2011/02/25 09:27:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2011/02/21 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit Software
[2011/03/28 14:44:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LucasArts
[2011/03/21 09:19:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PunkBuster
[2011/03/02 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/09 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinEdt Team
[2011/04/06 09:03:42 | 000,000,328 | -HS- | M] () -- C:\Windows\Tasks\dzwhbaxdts.job
[2011/04/06 08:58:21 | 000,007,916 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/04/2011 9:06:30 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 41.02 Gb Free Space | 17.61% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 45.54 Gb Free Space | 4.89% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 252.73 Gb Free Space | 54.26% Space Free | Partition Type: NTFS

Computer Name: UK-ANARCHIST | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85092B90-AEB2-2E30-0EF1-432EC61F6BD1}" = Catalyst Control Center InstallProxy
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C7EA1AF1-F908-0832-AA52-5EDBE128FD6B}" = ccc-core-static
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E9D4FBA9-FB46-A5CE-F52F-516C4B8F0373}" = ccc-utility
"{EB0E062C-575D-8154-2682-C84EF432CCF0}" = Catalyst Control Center Graphics Previews Common
"{EDD7B70D-36D0-694D-AA34-D566A13CE98D}" = WMV9/VC-1 Video Playback
"{EEA54973-AFC8-21C8-1414-246AA9435890}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4BD3B39-3AA8-45BE-B68F-7E83F38B20AA}" = calibre
"{FA9B0F6B-AC6D-401C-0099-00000628D82A}" = Symantec Ghost Standard Tools
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DAEMON Tools Lite" = DAEMON Tools Lite
"Foxit Reader" = Foxit Reader
"LEGO Star Wars III The Clone Wars" = LEGO Star Wars III The Clone Wars
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PunkBusterSvc" = PunkBuster Services
"WinEdt 6" = WinEdt 6
"WinLiveSuite" = Windows Live Essentials
"WinRAR" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/04/2011 8:36:59 PM | Computer Name = uk-anarchist | Source = Application Error | ID = 1000
Description = Faulting application name: LEGOCloneWars.exe, version: 1.0.0.0, time
stamp: 0x4d5abe1c Faulting module name: LEGOCloneWars.exe, version: 1.0.0.0, time
stamp: 0x4d5abe1c Exception code: 0xc0000005 Fault offset: 0x00443a69 Faulting process
id: 0x9f8 Faulting application start time: 0x01cbf0bf0772f0c5 Faulting application
path: D:\Games\LEGO Star Wars III The Clone Wars\LEGOCloneWars.exe Faulting module
path: D:\Games\LEGO Star Wars III The Clone Wars\LEGOCloneWars.exe Report Id: 5168d382-5cc1-11e0-b327-000476f87644

Error - 2/04/2011 3:38:51 AM | Computer Name = uk-anarchist | Source = MsiInstaller | ID = 11714
Description =

Error - 3/04/2011 3:38:16 AM | Computer Name = uk-anarchist | Source = MsiInstaller | ID = 11714
Description =

Error - 4/04/2011 3:38:07 AM | Computer Name = uk-anarchist | Source = MsiInstaller | ID = 11714
Description =

Error - 4/04/2011 4:45:05 AM | Computer Name = uk-anarchist | Source = Application Error | ID = 1000
Description = Faulting application name: LEGOCloneWars.exe, version: 1.0.0.0, time
stamp: 0x4d5abe1c Faulting module name: LEGOCloneWars.exe, version: 1.0.0.0, time
stamp: 0x4d5abe1c Exception code: 0xc0000005 Fault offset: 0x0089d984 Faulting process
id: 0x92c Faulting application start time: 0x01cbf292f3d4656e Faulting application
path: D:\Games\LEGO Star Wars III The Clone Wars\LEGOCloneWars.exe Faulting module
path: D:\Games\LEGO Star Wars III The Clone Wars\LEGOCloneWars.exe Report Id: d5cecb83-5e97-11e0-b327-000476f87644

Error - 5/04/2011 3:38:22 AM | Computer Name = uk-anarchist | Source = MsiInstaller | ID = 11714
Description =

Error - 5/04/2011 5:18:33 AM | Computer Name = uk-anarchist | Source = MsiInstaller | ID = 11905
Description =

Error - 5/04/2011 6:51:28 PM | Computer Name = uk-anarchist | Source = WinMgmt | ID = 10
Description =

Error - 5/04/2011 6:59:26 PM | Computer Name = uk-anarchist | Source = WinMgmt | ID = 10
Description =

Error - 5/04/2011 7:05:11 PM | Computer Name = uk-anarchist | Source = WinMgmt | ID = 10
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: rundll32.exe hijacking my PC

Unread postby askey127 » April 6th, 2011, 6:36 am

brettule,
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    [2011/04/06 09:03:42 | 000,000,328 | -HS- | M] () -- C:\Windows\Tasks\dzwhbaxdts.job
    O3 - HKU\S-1-5-21-3236040477-2822557022-1576239767-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\S-1-5-21-3236040477-2822557022-1576239767-500..\Run: [AdobeBridge]  File not found
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
    
    :Files
    C:\Windows\Tasks\dzwhbaxdts.job
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

----------------------------------------------
Disable CD Emulator(s)
We need to use powerful tools to investigate your system. *If* you are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with a malware infection, CD Emulators can interfere with investigative tools, producing misleading or inaccurate scan results, false detection of legitimate files, unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since the hidden drivers from CD Emulators can be seen as a rootkit, we need to remove or disable them until disinfection is completed.

Please download DeFogger by jpshortstuff and save it to your desktop.
  • Double click DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right Click on TDSSKiller.exe and choose "Run as administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
---------------------------------------------------
So, In Your Reply, we will be looking for the following :
  • OTL Quick Scan results OTL.txt
  • Report from TDSSKiller
  • Please tell me exactly what version of Windows you have (Control Panel, System) and any Service packs shown.
askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
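The OTL fix above targets three kinds of entries that a helper reads out of the log by eye: a hidden/system .job in C:\Windows\Tasks, a hidden/system file in System32 with no company name, and a Security Center "DisableMonitoring" = 1 value. The following Python script is an added example for this thread, not askey127's code and not part of OTL; it parses OTL's "[date | size | attrs | C/M] (company) -- path" lines (format inferred from the log posted above) and the Extras registry section, and flags the same kinds of entries. The allow-list of Windows-owned hidden/system files and the flagging rules are this example's own assumptions, and a hit means "a person should look at this", not "this is malware".

```python
"""Triage an OTL log: flag the kinds of entries the OTL fix above targets.

Added example for this thread, not OTL's own code. The line format is
inferred from the log lines posted above; the rules are heuristics and
a hit means "review by a human", not "malicious".
"""
import re

# Constructed excerpt: lines copied from the OTL.txt and Extras logs posted
# in this thread, embedded so the script runs offline.
SAMPLE_OTL = r"""
========== Files Created - No Company Name ==========

[2011/03/25 15:44:17 | 000,099,840 | RHS- | C] () -- C:\Windows\System32\NcdPropi.dll
[2011/03/25 15:44:17 | 000,000,328 | -HS- | C] () -- C:\Windows\tasks\dzwhbaxdts.job
[2011/03/21 09:19:35 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/06 09:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/06 09:03:28 | 2817,380,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/28 14:44:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\LucasArts
[2011/03/07 21:04:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"""

# OTL file line: [timestamp | size | RHSD attrs | C(reated)/M(odified)] (company) -- path
# Directory lines carry no "(company)" part, so that group is optional.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)" = (?P<data>.*)$')

# Windows-owned files that legitimately carry hidden/system attributes
# (assumed allow-list for this example; extend it from your own baseline).
KNOWN_HIDDEN_SYSTEM = {r"c:\hiberfil.sys", r"c:\pagefile.sys", r"c:\windows\bootstat.dat"}


def parse_file_lines(text):
    """Yield one dict per OTL file/directory line; company is "" when absent."""
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["company"] = entry["company"] or ""
            yield entry


def triage_files(text):
    """Return (path, reason) pairs for entries a helper would look at first."""
    entries = list(parse_file_lines(text))
    hits = []
    for e in entries:
        path = e["path"].lower()
        hidden_system = "H" in e["attrs"] and "S" in e["attrs"]
        if "D" in e["attrs"] or path in KNOWN_HIDDEN_SYSTEM:
            continue  # directories and known Windows files are out of scope
        if hidden_system and path.endswith(".job") and "\\windows\\tasks\\" in path:
            hits.append((e["path"], "hidden/system scheduled task in Windows\\Tasks"))
        elif hidden_system and not e["company"] and "\\windows\\system32\\" in path:
            hits.append((e["path"], "hidden/system file in System32 with no company name"))
    # Anything written in the same second as a hit is worth a look as well.
    flagged_paths = {p for p, _ in hits}
    flagged_ts = {e["ts"] for e in entries if e["path"] in flagged_paths}
    for e in entries:
        if e["path"] not in flagged_paths and "D" not in e["attrs"] and e["ts"] in flagged_ts:
            hits.append((e["path"], "written in the same second as a flagged entry"))
    return hits


def disabled_security_center_monitoring(text):
    """Return Security Center\\Monitoring keys whose DisableMonitoring value is 1."""
    current, keys = None, []
    for line in text.splitlines():
        k = KEY_LINE.match(line.strip())
        if k:
            current = k.group("key")
            continue
        v = VALUE_LINE.match(line.strip())
        if (v and current and "\\security center\\monitoring\\" in current.lower()
                and v.group("name") == "DisableMonitoring" and v.group("data").strip() == "1"):
            keys.append(current)
    return keys


if __name__ == "__main__":
    for path, why in triage_files(SAMPLE_OTL):
        print(f"REVIEW {path}: {why}")
    for key in disabled_security_center_monitoring(SAMPLE_OTL):
        print(f"REVIEW Security Center monitoring disabled under [{key}]")
```

Run against the excerpt, the script reports the .job task and NcdPropi.dll (both created in the same second, 2011/03/25 15:44:17) and the SymantecAntiVirus monitoring key, while bootstat.dat, hiberfil.sys, java.exe and the directory entries pass; feed it a complete OTL.txt plus Extras.txt to get the same shortlist for a real log.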

Re: rundll32.exe hijacking my PC

Unread postby askey127 » April 9th, 2011, 7:50 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA