TechSpot

System Check virus

Solved
By Allieraptor
Jan 19, 2012
  1. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    OTL txt cont.

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/08/19 19:04:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2003/08/06 14:08:19 | 000,081,676 | ---- | M] () -- C:\WINDOWS\alienware logo_slvr.jpg
    [2003/08/06 14:08:19 | 000,081,676 | ---- | M] () -- C:\WINDOWS\alienware_logo_slvr.jpg
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >
    [2007/08/14 07:51:03 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Alienware games download store.url

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/05/31 10:37:32 | 003,854,848 | ---- | M] () -- C:\Program Files\AdbeRdrUpd944_all_incr.msp
    [2011/05/31 10:32:19 | 012,795,016 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe
    [2010/04/27 14:56:25 | 004,169,301 | ---- | M] () -- C:\Program Files\FileZilla_3.3.2.1_win32-setup.exe
    [2011/07/16 23:12:40 | 000,683,792 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
    [2011/05/31 10:43:57 | 035,624,744 | ---- | M] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
    [2010/02/15 12:55:06 | 001,146,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/08/19 13:37:40 | 004,718,592 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/08/19 18:25:07 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
    [2010/08/19 13:37:40 | 040,894,464 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/08/19 13:37:40 | 006,553,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/19 21:31:19 | 004,388,721 | R--- | M] (Swearware) -- C:\Documents and Settings\Jazz\Desktop\Allie_S.exe
    [2012/01/20 00:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jazz\Desktop\OTL.exe
    [2012/01/19 22:07:19 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Jazz\Desktop\rkill.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2003/09/22 12:36:46 | 000,013,448 | ---- | M] () -- C:\WINDOWS\M2000Twn.src
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/09/26 20:38:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jazz\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/12 06:39:00 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Jazz\Cookies\desktop.ini
    [2012/01/20 00:10:16 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Jazz\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [1 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/12/04 18:14:58 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 03:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 21:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 03:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 21:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 21:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 21:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc

    < End of report >
     
  2. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    Extras txt

    OTL Extras logfile created on: 1/20/2012 12:10:49 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jazz\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.04% Memory free
    4.84 Gb Paging File | 4.21 Gb Available in Paging File | 87.06% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 26.98 Gb Free Space | 24.14% Space Free | Partition Type: NTFS

    Computer Name: AREA51 | User Name: Jazz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*

    [HKEY_USERS\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Aspyr\1701 A.D\1701.exe" = C:\Program Files\Aspyr\1701 A.D\1701.exe:*:Enabled:1701 A.D. -- (Related Designs Software GmbH)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
    "C:\Program Files\Giraffic\Veoh_Giraffic.exe" = C:\Program Files\Giraffic\Veoh_Giraffic.exe:*:Enabled:Veoh Giraffic (Agent) -- (Giraffic)
    "C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe" = C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe:*:Enabled:Veoh Giraffic (Watchdog) -- (Giraffic)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{18039280-98B7-4C5E-AAC0-10EBC9731033}" = Nero 7 Essentials
    "{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
    "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
    "{3B0293FF-A9C4-4A41-A0D5-1302429EF0DE}" = Xara Xtreme Pro
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
    "{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
    "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
    "{6C3CA595-C639-427A-AD69-0CFD56041762}" = Function Key Controller
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{796CE7A8-37DD-54B3-75CF-E188739B918F}" = TweetDeck
    "{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
    "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = 1701 A.D.
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
    "{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Artisteer 2" = Artisteer 2
    "avast" = avast! Free Antivirus
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "EADM" = EA Download Manager
    "Eye Candy 4000" = Alien Skin Eye Candy 4000
    "FileZilla Client" = FileZilla Client 3.4.0
    "FLV Player" = FLV Player 2.0 (build 25)
    "FLVPlayer" = FLV Player 1.3.3
    "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
    "Free FLV Converter_is1" = Free FLV Converter V 6.3.0
    "Free Studio_is1" = Free Studio version 4.1
    "Giraffic" = Veoh Giraffic Video Accelerator
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "LimeWire" = LimeWire 5.5.6
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RealPlayer 12.0" = RealPlayer
    "Secunia PSI" = Secunia PSI
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tropico3" = Tropico 3 1.02
    "TuneUp Utilities" = TuneUp Utilities
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Veoh Web Player Beta" = Veoh Web Player
    "VLC media player" = VLC media player 1.1.11
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WMV9_VCM" = Microsoft Windows Media Video 9 VCM
    "Xara Xtreme Pro 4 e-version UK" = Xara Xtreme Pro 4 e-version
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/19/2012 4:02:33 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
    Description = Faulting application sdupdate.exe, version 1.6.0.12, faulting module
    kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

    Error - 1/19/2012 4:59:46 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x4ec674b2.

    Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/19/2012 11:01:31 PM | Computer Name = AREA51 | Source = Application Hang | ID = 1002
    Description = Hanging application psi.exe, version 1.5.0.2, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/19/2012 11:01:31 PM | Computer Name = AREA51 | Source = Application Hang | ID = 1002
    Description = Hanging application psi.exe, version 1.5.0.2, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/20/2012 12:23:08 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
    Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
    teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

    Error - 1/20/2012 12:23:10 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
    Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
    teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

    [ System Events ]
    Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7001
    Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7001
    Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
    Tcpip

    Error - 1/20/2012 12:28:26 AM | Computer Name = AREA51 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/20/2012 12:31:26 AM | Computer Name = AREA51 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/20/2012 12:41:56 AM | Computer Name = AREA51 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/20/2012 12:45:36 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7000
    Description = The TuneUp Theme Extension service failed to start due to the following
    error: %%1083

    Error - 1/20/2012 12:47:07 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7034
    Description = The Updater Service for StartNow Toolbar service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/20/2012 1:43:02 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7000
    Description = The TuneUp Theme Extension service failed to start due to the following
    error: %%1083


    < End of report >
     
  3. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    Update

    I'm so sorry but I'm going to have to grab a few hours of sleep. I'll check back in first thing in the morning. Thank you so very much for all your help today!

    Be back soon!
     
  4. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    Ready for Round Two!

    Good Morning! I'm back and ready for round two. *grin*
     
  5. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Most likely it needs reinstalling. The infection might have corrupted some file(s).

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O37 - HKU\.DEFAULT\...exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*
      O37 - HKU\S-1-5-18\...exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*
      [2012/01/18 19:21:02 | 000,009,273 | ---- | M] () -- C:\Documents and Settings\Jazz\Local Settings\Application Data\c07eade0
      [2012/01/18 08:45:10 | 000,009,277 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\94923091
      [2012/01/18 08:45:10 | 000,009,253 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4ad316c9
      @Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  6. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    OTL

    I am currently running the OTL fixes as instructed. However, it seems to be stuck. It says it's killing processes and not to interrupt, but it's been almost an hour now with no progression. Should I stop the scan or let it be?
     
  7. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Restart manually and run the fix from safe mode.
     
  8. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    OTL Fix log

    Here is the OTL Fix log. I will move on to the next step in the process. :)

    _______

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\mdaw\ deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Classes\mdaw\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\Documents and Settings\Jazz\Local Settings\Application Data\c07eade0 moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\94923091 moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\4ad316c9 moved successfully.
    ADS C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Jazz
    ->Temp folder emptied: 626700 bytes
    ->Temporary Internet Files folder emptied: 1131857 bytes
    ->Java cache emptied: 573811390 bytes
    ->FireFox cache emptied: 84963743 bytes
    ->Google Chrome cache emptied: 856432 bytes
    ->Apple Safari cache emptied: 3265536 bytes
    ->Flash cache emptied: 842821399 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 6242438 bytes
    ->Flash cache emptied: 343 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 10376 bytes
    ->Flash cache emptied: 3206 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 4654439 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 499913 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,449.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Jazz
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jazz
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01202012_150357

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  9. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    Security Check log

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Secunia PSI
    Loaris Trojan Remover 1.2
    HijackThis 2.0.2
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Flash Player 11.0.1.152
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Alwil Software Avast5 AvastSvc.exe
    ``````````End of Log````````````
     
  10. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    FSS Log

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Jazz (administrator) on 20-01-2012 at 15:40:26
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(9) aswTdi(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) Tcpip(4)
    0x0B00000005000000010000000200000003000000040000000B000000060000000700000008000000090000000A000000
    IpSec Tag value is correct.

    **** End of log ****
     
  11. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    TFC

    The Temp File Cleaner seems to be locked up. It has not progressed past the "stopping running processes" function in approx. 30 minutes. Should I manually restart in safe mode and try again or no? Sorry to be so hesitant but I don't wanna mess anything up. :)
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    It's always good to ask.
    Restart manually to safe mode and run it from there.
     
  13. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    TFC Log

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jazz
    ->Temp folder emptied: 16263479 bytes
    ->Temporary Internet Files folder emptied: 55717 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 23777486 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 991 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 38.00 mb
     
  14. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    ESET Scan

    I have the ESET Scan running at the moment. However, I am concerned that my Avast appears to be running from startup. It would not allow me to shut it down from my Taskbar. In addition, when I tried to uninstall it, it would not allow it either. Any suggestions on my course of action with it would be appreciated. My guess is that when I renamed the execute file to get it to run in the beginning of all this, it altered the function of the above mentioned tasks.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Just leave it alone.
     
  16. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    ESET Scan log

    Here is the ESET Scan Log. Just FYI, the Allie_TR file was a renamed file that I created from my original Loaris Trojan Remover exe file.

    __________________________________

    C:\Documents and Settings\Jazz\Desktop\Computer Security\Trojan Remover\Allie_tro_.exe a variant of Win32/1AntiVirus application deleted - quarantined
    C:\Program Files\Allie_TR_\Allie_TR-setup.exe a variant of Win32/1AntiVirus application deleted - quarantined
    C:\Program Files\Allie_TR_\ltr12.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
    C:\Program Files\Loaris\Trojan Remover\ltr.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
    C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
    C:\Programs\VeohWebPlayerSetup_eng.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
    C:\Programs\Free MP3 Converter\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
    C:\Programs\FreeFLVConverter\Setup_FreeFlvConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
    C:\Programs\FreeFLVConverter\Setup_FreeFlvConverterN.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
    C:\Programs\_Buy Replay AV - Replay Converter\AV Stream Capture Suite SW\RSLSetup.exe probably a variant of Win32/TrojanDownloader.Agent.EMYMIEA trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ReactivateIE.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarBroker.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065453.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065474.exe a variant of Win32/Kryptik.ZCE trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065475.exe a variant of Win32/Kryptik.ZCE trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065718.sys a variant of Win32/Rootkit.Kryptik.HV trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070178.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070180.dll a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070181.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070182.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072396.exe a variant of Win32/1AntiVirus application deleted - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072404.exe a variant of Win32/1AntiVirus application deleted - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072406.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072407.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072408.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072409.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072410.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072411.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072412.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
    C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072413.exe probably a variant of Win32/TrojanDownloader.Agent.EMYMIEA trojan deleted - quarantined
     
  17. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
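
Steps 1 and 4 of the post above can be checked against an ESET export like the one earlier in the thread. The following is an added example, not part of the original posts or of any tool used here: it assumes the line layout seen in that log (path, optional "a variant of", detection name, object type, action), the function names are hypothetical, and the sample lines are constructed with placeholder paths.

```python
import re

# Constructed sample in the layout of the ESET export quoted in the thread.
# Paths, file names and the restore GUID are placeholders.
SAMPLE_LOG = r"""
C:\Program Files\Example Player\setup.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\Example Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP498\A0000001.exe a variant of Win32/Kryptik.ZCE trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP498\A0000002.sys a variant of Win32/Rootkit.Kryptik.HV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP500\A0000003.exe probably a variant of Win32/TrojanDownloader.Agent.EMYMIEA trojan deleted - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP500\A0000004.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
this line is not a detection
"""

# Assumed layout: <path> [probably ][a variant of ]<Win32/name> <type> <action>.
# The path may contain spaces, so it is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<threat>Win32/\S+)\s+"
    r"(?P<kind>[a-z]+)\s+"
    r"(?P<action>.+)$"
)
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.IGNORECASE
)
QUARANTINE_RE = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\", re.IGNORECASE)


def parse_line(line):
    """Return one detection as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["qualifier"] = (rec["qualifier"] or "").strip()
    return rec


def classify_location(path):
    """Return (category, restore_point); restore_point is None outside snapshots."""
    m = RESTORE_RE.search(path)
    if m:
        return "restore_point", m.group(1).upper()
    if QUARANTINE_RE.match(path):
        return "tool_quarantine", None
    return "live", None


def triage(log_text):
    """Group detections by location and flag the two follow-up actions."""
    records, unparsed = [], []
    by_location, restore_points = {}, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        category, rp = classify_location(rec["path"])
        rec["location"], rec["restore_point"] = category, rp
        by_location[category] = by_location.get(category, 0) + 1
        if rp:
            restore_points[rp] = restore_points.get(rp, 0) + 1
        records.append(rec)
    trojans = [r for r in records if r["kind"] == "trojan"]
    return {
        "records": records,
        "unparsed": unparsed,
        "by_location": by_location,
        "restore_points": restore_points,
        "trojans": trojans,
        # Step 1: infected copies inside snapshots mean old restore points
        # should be cleared before anyone rolls back to them.
        "reset_system_restore": bool(restore_points),
        # Step 4: any trojan-class detection means passwords should be changed.
        "change_passwords": bool(trojans),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("by location:", report["by_location"])
    print("restore points with detections:", report["restore_points"])
    print("trojan detections:", [r["threat"] for r in report["trojans"]])
    print("reset System Restore:", report["reset_system_restore"])
    print("change passwords:", report["change_passwords"])
    print("unparsed lines:", report["unparsed"])
```
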
     
  18. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    2nd OTL Fix Log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jazz
    ->Temp folder emptied: 1299160 bytes
    ->Temporary Internet Files folder emptied: 790774 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 158828178 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1991 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 154.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jazz
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Jazz
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 01202012_201929

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  19. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    Computer Performance

    Upon reboot I have twice gotten an Error Report Popup window for the jusched.exe file.

    Also, my administrative tools are still not showing up.

    My avast still will not uninstall so that I can reinstall. It also does not autorun upon startup anymore. It runs when I start it manually, but I still cannot update it. However, it does say that its release date was 1/18/2012 at 11 am and the last update attempt was on 1/19/2012 3 am.

    One question about the security tool removal...should I remove my SD spybot and just run the Malwarebytes and Avast?
     
  20. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Disable jusched.exe as a startup: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

    Download and run this: http://download.bleepingcomputer.com/grinler/fakehdd/winxp-pro-32bit-sm-reset.exe

    Try free version of Revo: http://www.revouninstaller.com/revo_uninstaller_free_download.html

    Yeah, I consider Spybot as a tool of the past.
     
  21. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    Computer Performance

    Ok...got everything resolved except my Avast uninstall, which is just not going anywhere. I'm gonna try it in safe mode.

    My control panel, admin tools, start menu etc are back to normal, except I still have some program files that are not showing the subfolders within the start menu. Such as all my adobe products do not show up under the programs\adobe option in my start menu. Any suggestions on how I can restore this?

    One more question, I have several programs that run on start up that I would like to stop. How can I do that? I'm leery of attempting something like that without instruction since a friend of mine forbid me from entering "THE BIOS". lol

    I can't tell you how much your assistance has meant to me. Thank you so very much!
     
  22. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    Computer Performance

    Well, removing Avast is turning into a real pain. lol I can't do it in safe mode, nor can I manually delete the file folder. Suggestions?
     
  23. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    Computer Performance

    I'm an *****. LOL I'm so sorry. Revo UNINSTALLER ... I get it now. Sheesh it's been a really long day or I'm going brain dead. One or the other, or possibly both! LOL
     
  24. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Did you try Revo to uninstall Avast?

    Some programs may have to be reinstalled.
    You can also try my manual HERE

    Download, and install Quick Startup: http://www.glarysoft.com/qs.html
    Go File>Export, save report, and paste it into your next post.
     
  25. Allieraptor

    Allieraptor TS Rookie Topic Starter Posts: 81

    Computer Performance

    I ran Revo Uninstaller and it says it removed avast. When I go to add/remove programs it also says avast has been removed. However, if I look at my program files, the avast files are still there and I get the popup error when I try to delete.

    Thank you for the link to your manual. I was able to get my programs back in my start menu.
     

