Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.ini

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.ini

Unread postby kstubbs » July 10th, 2012, 1:11 am

My Windows 7 desktop PC is infected with some malware. McAfee reports finding two files that it cannot quarantine or delete: C:\Windows\assembly\GAC_32\Desktop.ini and C:\Windows\assembly\GAC_64\Desktop.ini. It keeps prompting me to reboot so it can remove the files, but after rebooting it reports the same problem files. Also, McAfee's firewall keeps getting turned off; after I turn it back on, it is automatically turned off within seconds.

Additionally, Windows Control Panel reports that Windows Security Center Service is turned off. When I click the "Turn on now" button, an error pops up: "The Windows Security Center service can't be started."

Spyware Doctor does not detect the Desktop.ini problem files, nor does Malwarebytes.

Any help you can provide would be appreciated.

Here are the dds logs.

dds.txt
=====
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Keith at 14:32:48 on 2012-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6464 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe
C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Autoplay.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623143648.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [EEventManager] C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\Keith\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DATAVI~1.LNK - C:\Program Files (x86)\Common Files\DataViz\DvzIncMsgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{1B4189E1-80A6-4351-B39A-D6F00B947380} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{3058A480-C18D-4450-8592-83A4BD20DE53} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623143648.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [EEventManager] C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun-x64: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\y0qka3c9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-12-3 546768]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-28 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-28 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-2 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-2 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 ReplicaSysMon;Seagate Replica System Monitor;C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe [2011-9-27 416208]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-12-3 402336]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-12-3 1117624]
R2 Seagate-Replica-Svc;Seagate Replica Service;C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe [2011-9-27 1947600]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-25 689472]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-25 13336]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-5 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-28 249936]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257224]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-09 18:11:16 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-06-21 19:29:09 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 19:28:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 19:28:08 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 19:28:08 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 16:47:47 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-19 16:47:47 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-17 02:36:00 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 02:36:00 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-13 17:52:49 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-11 18:53:57 -------- d-----w- C:\Program Files\iPod
2012-06-11 18:53:56 -------- d-----w- C:\Program Files\iTunes
2012-06-11 15:39:33 -------- d-----w- C:\Users\Keith\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-07-09 03:14:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-09 03:14:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-23 05:32:26 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-07 17:38:47 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-07 17:38:47 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 14:43:11.02 ===============

attach.txt
========
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/29/2011 21:45:15
System Uptime: 7/9/2012 14:31:03 (0 hours ago)
.
Motherboard: Dell Inc. | | 05DN3X
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | CPU 1 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1385 GiB total, 868.673 GiB free.
D: is CDROM ()
G: is FIXED (NTFS) - 1863 GiB total, 185.782 GiB free.
H: is FIXED (NTFS) - 932 GiB total, 199.516 GiB free.
I: is FIXED (NTFS) - 466 GiB total, 3.031 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: DW1525 (802.11n) WLAN PCIe Card
Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&D8E527&0&00E2
Manufacturer: Atheros Communications Inc.
Name: DW1525 (802.11n) WLAN PCIe Card
PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&D8E527&0&00E2
Service: athr
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: PC Tools Data Store
Device ID: ROOT\LEGACY_PCTDS\0000
Manufacturer:
Name: PC Tools Data Store
PNP Device ID: ROOT\LEGACY_PCTDS\0000
Service: pctDS
.
==== System Restore Points ===================
.
RP121: 7/5/2012 14:50:36 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
8500A909_eDocs
8500A909_Help
8500A909g
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader for Palm OS, 3.05
Adobe Reader X (10.1.3)
APC PowerChute Personal Edition
Apple Application Support
Apple Software Update
Audacity 1.3.13 (Unicode)
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Defender 4.0
BufferChm
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.7
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Consumer In-Home Service Agreement
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Destinations
DeviceDiscovery
DirectX 9 Runtime
DocMgr
DocProc
Documents To Go
Documents To Go Desktop for iOS
Dropbox
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON Perfection V500 Photo Scanner Driver Update
EPSON Perfection V500P User's Guide
EPSON Scan
EPSON Scan Assistant
Exact Audio Copy 1.0beta1
FastStone Image Viewer 4.3
Fax
FLAC 1.2.1b (remove only)
GoToAssist 8.0.0.514
GPL Ghostscript 9.00
HP Update
HPDiagnosticAlert
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Internet Explorer
iWisoft Free Video Converter 1.2
Java Auto Updater
Java(TM) 6 Update 32
Junk Mail filter update
LAME v3.98.3 for Audacity
Legacy 7.5
Legacy Charting 7.5
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Robocopy GUI
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.48
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PC Tools Spyware Doctor 9.0
PDFTK Builder 3.5.3
PhotoShowExpress
ProductContext
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Scan
Scribus 1.3.3.14
Scribus 1.4.0
Seagate Replica v3.0.1801.8554
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Sonic CinePlayer Decoder Pack
Sony Sound Forge Audio Studio 8.0a
Status
SyncBack
THX TruStudio PC
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xenu's Link Sleuth
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 14:34:20, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
7/9/2012 14:32:16, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/9/2012 14:32:16, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/9/2012 14:31:56, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/9/2012 14:31:54, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/9/2012 14:31:54, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================
kstubbs
Regular Member
 
Posts: 26
Joined: December 12th, 2008, 2:51 pm
Advertisement
Register to Remove

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby melboy » July 11th, 2012, 3:08 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=======================================


ROOTKIT

Your computer is infected with a ROOTKIT. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
The rootkit gives an intruder remote backdoor access to your computer. This gives intruders complete control of your computer to log your keystrokes, steal personal & critical system information, and Download and Execute files

You are strongly advised to do the following:

If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information:

  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
    DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
.

Though the malware has been identified and can be killed, due to its rootkit & backdoor functionality, and there is no way that it can be sure it can be trusted again. Many experts in the security community believe that once infected with this type of malware, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby kstubbs » July 11th, 2012, 7:03 pm

Melboy,

Thanks for the straightforward advice. I guess reformat/reinstall is the prudent way to go, but I haven't done that sort of thing in about 15 years. I have a few questions.

1) I have about a terabyte of data to back up. I have copied it to two external drives, but the drives were connected to the PC at the time of infection & since. Do I have to worry about them being infected & carrying that over when I reconnect them to the PC after reformatting the C drive and reinstalling Windows 7? The two external drives are not bootable.

2) I have Seagate Replica running, which copies the C: drive OS, Desktop & Documents to one of the external drives. Do I have to worry about the malware hiding there and surviving to reinfect after the C: drive reformat/reinstall? If so, are there precautions or countermeasures I can take?

3) My PC is a Dell XPS 9100 which appears to offer a factory image restore via Dell DataSafe Local Backup. Should I try that first or go directly to the OS & driver CDs?

I'll await your response before initiating reformat/reinstall. Thanks.

kstubbs
kstubbs
Regular Member
 
Posts: 26
Joined: December 12th, 2008, 2:51 pm

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby melboy » July 11th, 2012, 8:39 pm

kstubbs wrote:1) I have about a terabyte of data to back up. I have copied it to two external drives, but the drives were connected to the PC at the time of infection & since. Do I have to worry about them being infected & carrying that over when I reconnect them to the PC after reformatting the C drive and reinstalling Windows 7? The two external drives are not bootable.
The infection you have (Sirefef/ZeroAccess rootkit) does not have the capability itself to spread via removable/external drives. It is possible for it to download and execute other malware - However there is no evidence of other malware present in your DDS logs.

It would be prudent to scan any backups before restoring.

Microsoft's Malware Protection Center general encyclopedia entry for the Sirefef/ZeroAccess rootkit is here:

http://www.microsoft.com/security/porta ... %2FSirefef

kstubbs wrote:2) I have Seagate Replica running, which copies the C: drive OS, Desktop & Documents to one of the external drives. Do I have to worry about the malware hiding there and surviving to reinfect after the C: drive reformat/reinstall? If so, are there precautions or countermeasures I can take?
It is likely that the malware's files have been backed up by Seagate if it backs up the OS and any new files or changes to existing ones. Again, any backups should be scanned before restoring.

kstubbs wrote:3) My PC is a Dell XPS 9100 which appears to offer a factory image restore via Dell DataSafe Local Backup. Should I try that first or go directly to the OS & driver CDs?
Either way would work.

DELL support documents are here:

http://support.dell.com/support/topics/ ... egacy=true
http://support.dell.com/support/topics/ ... egacy=true

Please feel free to ask any further questions you may have. :)
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby kstubbs » July 11th, 2012, 10:23 pm

I forgot to ask about one other thing. McAfee reports finding ZeroAccess in the following location:

\Device\HarddiskVolumeShadowCopy2\Windows\System32\services.exe

I don't recognize that location. I'm concerned about the possibility that it might be in Dell's DataSafe local backup. I would prefer to use DataSafe instead of CD media for the reformat/reinstall simply because it looks like more of a guided process requiring less research & expertise on my part. But if it risks carrying ZeroAccess over to the restored system, I'd rather not.
kstubbs
Regular Member
 
Posts: 26
Joined: December 12th, 2008, 2:51 pm

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby melboy » July 12th, 2012, 8:03 am

Hi

That is Windows own Volume Shadow Copy - Part of system restore & separate to Dell's DataSafe local backup.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby melboy » July 14th, 2012, 8:14 am

Hi kstubbs

  • Have you resolved this?
  • Do you still need help?
  • In accordance with Malware Removal policy, topics can be closed after 3 days without a response.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby kstubbs » July 14th, 2012, 4:49 pm

I think I've resolved it. I backed up most of my data (forgot a few things), scanned my external drives with MalwareBytes, reformatted C: and reinstalled Windows 7 image from Dell DataSafe, installed 90+ Microsoft updates, about half my apps so far, and everything seems ok. The big symptoms (firewall shut down, services.exe periodically racing to 30% of CPU) haven't recurred.

A fresh MalwareBytes scan revealed no problems (although I'm not sure what that proves since MalwareBytes didn't detect the ZeroAccess infection).

I'm trying Avast Free Antivirus and Windows firewall this time instead of the McAfee (the Cox version) and Spyware Doctor mix I was using, which seemed to be causing some odd little problems before (like Outlook sending/receiving properly the first time after a reboot, then failing until next reboot).

Do you think I can rely on the absence of symptoms or should I do further scanning & checking? If the latter, what would you recommend?

kstubbs
kstubbs
Regular Member
 
Posts: 26
Joined: December 12th, 2008, 2:51 pm

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby melboy » July 15th, 2012, 6:15 am

Hi

Formatting the C: drive & reinstalling the factory image should be enough in this case.

For peace of mind:

aswMBR

Download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click YES if prompted to scan with Avast! virus definitions.
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.



Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Right click SecurityCheck.exe and choose "Run as Administrator" to run it
  • Allow any UAC prompt.
  • Follow the onscreen instructions inside the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.
.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby kstubbs » July 15th, 2012, 12:00 pm

I ran the two checks. Here are the results.

I didn't realize Adobe Reader 9 was still there since it disappeared from the All Programs list when I installed Adobe Reader X.

aswMBR.txt
=========

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-15 11:40:00
-----------------------------
11:40:00.892 OS Version: Windows x64 6.1.7601 Service Pack 1
11:40:00.892 Number of processors: 8 586 0x1A05
11:40:00.892 ComputerName: KEITH-PC UserName: Keith
11:40:07.003 Initialize success
11:40:07.073 AVAST engine defs: 12071500
11:40:42.247 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:40:42.247 Disk 0 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3
11:40:42.277 Disk 0 MBR read successfully
11:40:42.277 Disk 0 MBR scan
11:40:42.277 Disk 0 Windows 7 default MBR code
11:40:42.287 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:40:42.297 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
11:40:42.317 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1418216 MB offset 25767936
11:40:42.337 Disk 0 scanning C:\Windows\system32\drivers
11:40:48.827 Service scanning
11:41:00.940 Modules scanning
11:41:00.950 Disk 0 trace - called modules:
11:41:00.970 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:41:00.980 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007de8790]
11:41:00.980 3 CLASSPNP.SYS[fffff88001b5f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b12050]
11:41:03.520 AVAST engine scan C:\Windows
11:41:07.660 AVAST engine scan C:\Windows\system32
11:43:06.275 AVAST engine scan C:\Windows\system32\drivers
11:43:21.827 AVAST engine scan C:\Users\Keith
11:48:03.546 AVAST engine scan C:\ProgramData
11:48:29.512 Scan finished successfully
11:52:01.635 Disk 0 MBR has been saved successfully to "C:\Users\Keith\Desktop\MBR.dat"
11:52:01.645 The log file has been saved successfully to "C:\Users\Keith\Desktop\aswMBR.txt"

checkup.txt
=========

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 33
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
kstubbs
Regular Member
 
Posts: 26
Joined: December 12th, 2008, 2:51 pm

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby melboy » July 15th, 2012, 12:22 pm

Hi

Yes, that all looks very good. :thumbleft:

Java(TM) 6 Update 33
Java version out of Date!

Note this update (u33) does in fact meet the security baseline for Version 6. However, support for version 6 ends this year (November). It is advisable to move to version 7 before that date.

It's possible that Adobe Reader 9 is no longer installed if you uninstalled it, but an orphaned Programs list entry remains.

Please delete aswMBR.exe & aswMBR.txt by right clicking the file and choosing Delete
Do the same for SecurityCheck.exe & checkup.txt


General Security and Computer Health

Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

Enable UAC

The User Account Control (UAC) helps protect your PC against malicious software. http://windows.microsoft.com/en-US/wind ... nt-control

  1. Click on Start > Control Panel.
  2. In the search box, type uac, and then click Change User Account Control settings.
  3. Move the slider to choose when you want to be notified (I recommend at least the Default level).
  4. Click OK.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Manually check for Windows updates via Start > All Programs > Windows Update > In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your PC, or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
    • Malwarebytes' Anti-Malware
      As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
      It's IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges.
      You can now trial the full versions features within the program. Click the Protection Tab to see.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby kstubbs » July 15th, 2012, 1:19 pm

Thanks, melboy.

I updated Java to 7, set UAC to max to see if I can tolerate that much notification, and installed WinPatrol and the mvps hosts file.

There are a few vestiges of Adobe Reader 9 in the Program Files (x86) directory including AdobeLinguistic.dll (Application extension) and AdbeRdrSD90_all (Windows Installer Package) but no executables. Adobe Reader 9 is not on the Control Panel Uninstall List but Spelling Dictionary Support for Adobe Reader 9 is. To my non-expert eye, it seems a little messy but not too worrisome.

I don't think I have any more questions. Thanks again for all your help. I've come to this site for help a couple of times before over the years and you've always been most helpful and effective in getting me through some challenging malware infections.
kstubbs
Regular Member
 
Posts: 26
Joined: December 12th, 2008, 2:51 pm

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby melboy » July 15th, 2012, 1:25 pm

You're most welcome. :)

Spelling Dictionary Support for Adobe Reader 9
I would uninstall that. As you now have version 10, that is redundant.

Stay Safe!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Infection: GAC_64\Desktop.iniand GAC_32\Desktop.

Unread postby deltalima » July 15th, 2012, 1:31 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware