win32.downloader.dequ


Post by tingler on Thu 28 Jul 2011, 7:00 am

I have encountered 2 problems with my computer. I think they may be viruses, but I am not sure because I am not too savvy regarding computers as I am 74 years old, so please be patient with me.
If I have posted this message in the wrong place, I am sorry, but I sure would appreciate some help if possible.
Regards
Bruce

The 2 viruses are win32.downloader.dequ and system.brokenfileassociation.


Last edited by tingler on Thu 28 Jul 2011, 8:01 am; edited 1 time in total (Reason for editing : forgot to name the viruses)

tingler

Rookie Surfer

Posts : 69
Joined : 2009-06-21
Operating System : windows xp


Re: win32.downloader.dequ

Post by tingler on Thu 28 Jul 2011, 9:58 am

%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs



Re: win32.downloader.dequ

Post by Sneakyone on Thu 28 Jul 2011, 12:52 pm

Hi, welcome to GeekPolice.net!

Where are you getting those detections from? Are they from your anti-virus?

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: win32.downloader.dequ

Post by tingler on Thu 28 Jul 2011, 1:11 pm

I ran Spybot and the scan stopped when it got to the file win.32.downloader.dequ, and I ran Avast and it showed system.brokenfileassociation as a virus.


Re: win32.downloader.dequ

Post by tingler on Thu 28 Jul 2011, 1:23 pm

OTL logfile created on: 7/27/2011 10:12:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.09 Mb Total Physical Memory | 283.37 Mb Available Physical Memory | 27.70% Memory free
2.03 Gb Paging File | 1.17 Gb Available in Paging File | 57.60% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 24.09 Gb Free Space | 64.77% Space Free | Partition Type: FAT32
Drive E: | 465.75 Gb Total Space | 451.67 Gb Free Space | 96.98% Space Free | Partition Type: NTFS

Computer Name: BRUCE-A95ED2DF2 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
PRC - [2011/07/20 17:57:58 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/07/20 17:57:54 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/07/14 12:41:12 | 047,658,848 | ---- | M] (Slimware Utilities, Inc.) -- C:\Program Files\FixCleaner\FixCleaner.exe
PRC - [2011/07/07 17:54:00 | 000,399,312 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\AvastSvc.exe
PRC - [2011/06/30 09:50:32 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/03/25 15:09:48 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/03/28 15:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Program Files\ParetoLogic\FileCure\FileCure.exe
PRC - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/20 17:57:54 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/25 15:09:48 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZONELABS\vsmon.exe -- (vsmon)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- E:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 17:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:24 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/04 07:36:44 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:24 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:14 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/24 14:29:12 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/03/10 21:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/08/18 05:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/30 23:53:34 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/06/30 23:53:30 | 000,066,688 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 05:31:00 | 000,164,896 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/08 21:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 20:54:48 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CF 50 C3 AB 09 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ala.asksearch.com/?cfg=2-208-0-0"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/27 21:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/04/30 13:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/06/24 20:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/06/24 12:05:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/27 21:20:56 | 000,000,000 | ---D | M]

[2010/06/24 15:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2010/06/24 15:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/24 20:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions
[2010/06/24 21:54:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/24 14:24:28 | 000,000,000 | ---D | M] (Free Ride Games Community Toolbar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}
[2011/03/24 14:24:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\engine@conduit.com
[2011/07/24 09:11:04 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\plugin@yontoo.com
File not found (No name found) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010/06/23 17:18:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/24 20:24:16 | 000,435,498 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14992 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Game Master 1.1 Toolbar) - {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Game Master 1.1 Toolbar) - {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Game Master 1.1 Toolbar) - {7846AE31-BEA2-438A-8F5E-2D899361656C} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Ride Games Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] E:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FixCleaner] C:\Program Files\FixCleaner\FixCleaner.exe (Slimware Utilities, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [You must be registered and logged in to see this link.] (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - E:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/23 14:01:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/09/18 09:35:19 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 22:12:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/07/27 18:53:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.com
[2011/07/27 18:43:29 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2011/07/27 15:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\FixCleaner
[2011/07/27 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FixCleaner
[2011/07/27 15:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/07/27 15:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/07/26 15:14:14 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2011/07/26 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\SUPERAntiSpyware.com
[2011/07/26 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/26 11:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/26 11:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/26 10:24:30 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2011/07/25 04:31:56 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2011/07/24 20:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/07/24 20:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/07/24 20:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/24 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/07/24 12:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/24 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\AskToolbar
[2011/07/24 11:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/24 11:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/07/24 11:32:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/24 11:32:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/24 11:32:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/24 11:29:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bruce\Recent
[2011/07/24 11:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Security 360
[2011/07/24 09:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/24 08:51:16 | 000,000,000 | ---D | C] -- C:\rei
[2011/07/24 08:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/07/20 17:57:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/07/20 17:57:46 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/07/20 17:57:46 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/07/20 17:57:46 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/07/20 17:57:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/07/20 17:57:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/07/20 17:57:44 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/07/20 17:57:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/07/20 17:57:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/07/20 17:57:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/07/19 15:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\My Documents\My Scans
[2011/07/14 10:29:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/10 18:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
[2010/06/24 22:06:18 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/07/27 20:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/27 18:47:14 | 000,003,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/07/27 18:47:12 | 000,009,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/27 18:40:30 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2011/07/27 18:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/07/27 17:53:04 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\RBC Royal Bank - Sign In to Online Banking.url
[2011/07/27 16:46:16 | 000,000,434 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Jay Leno's Garage.url
[2011/07/27 15:51:42 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\GeekPolice.net.url
[2011/07/27 15:51:08 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Google (2).url
[2011/07/27 15:48:16 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.com
[2011/07/27 15:29:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2011/07/27 15:29:18 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2011/07/27 15:22:34 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/07/27 15:22:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/27 15:19:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Startup.job
[2011/07/27 15:19:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/27 15:19:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/26 17:18:22 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Weather Forecast.url
[2011/07/26 16:33:24 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Play Dragon Portals.lnk
[2011/07/26 11:19:58 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/26 10:47:36 | 000,533,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/26 10:47:36 | 000,099,378 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/26 10:24:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 15:33:44 | 000,000,317 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\RBC Royal Bank Rates.url
[2011/07/25 12:34:20 | 000,000,374 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Royal Caribbean.url
[2011/07/25 04:44:02 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/25 04:40:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/25 04:37:04 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Default.job
[2011/07/24 14:48:54 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee for Pentax 2.0.lnk
[2011/07/24 14:28:06 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Play Gem Shop.lnk
[2011/07/24 12:23:12 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/24 12:23:12 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/07/24 12:17:48 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/24 12:17:46 | 000,002,616 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/24 08:51:58 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/07/22 13:14:02 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Hamilton Tiger-Cats Official Site of the Tiger-Cats .url
[2011/07/20 17:57:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/07/20 17:57:46 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/07/20 17:57:46 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/07/20 17:57:46 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/07/20 17:57:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/07/20 17:57:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/07/20 17:57:44 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/07/20 17:57:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/07/20 17:57:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/07/20 17:57:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/07/19 16:18:40 | 000,019,518 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2011/07/18 11:43:48 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\OLG -.url
[2011/07/12 14:51:46 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\MapQuest - Driving Directions - Map Directions.url
[2011/07/05 09:22:32 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Kijiji Hamilton Classifieds Free Local Classified Ads for Hamilton, Ontario.url
[2011/07/04 07:43:54 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:52 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:44 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:24 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:10 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:14 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 18:40:52 | 000,003,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/07/27 15:51:40 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\GeekPolice.net.url
[2011/07/27 15:29:46 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2011/07/27 15:29:17 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2011/07/27 15:23:45 | 000,009,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/26 11:19:56 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/25 04:40:22 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/24 12:23:11 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/24 12:23:11 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/07/24 11:33:29 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/24 08:59:54 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/24 08:51:56 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/07/19 16:13:00 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/03/24 14:23:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/08/31 13:26:22 | 019,657,194 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.4-win32.exe
[2010/07/22 08:48:17 | 019,473,201 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.1-win32.exe
[2010/07/12 16:00:34 | 019,495,102 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.0-win32.exe
[2010/06/29 10:38:59 | 000,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/06/27 21:12:26 | 000,166,577 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2010/06/27 21:12:26 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2010/06/25 01:54:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/25 01:53:34 | 000,157,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/24 20:45:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/24 14:03:14 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/23 17:04:04 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/23 14:23:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/23 14:20:48 | 000,006,136 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/06/23 14:14:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/23 14:14:24 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/06/23 14:14:15 | 000,021,598 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/23 14:14:15 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/06/23 14:04:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/23 13:59:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/07 21:07:00 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/19 20:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/18 05:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/02/28 16:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/12 14:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 14:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 14:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 14:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 14:03:20 | 000,533,292 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 14:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 14:03:19 | 000,099,378 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 14:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 13:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 13:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 13:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 13:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

< End of report >

tingler

Rookie Surfer

Posts : 69
Joined : 2009-06-21
Operating System : windows xp


Re: win32.downloader.dequ

Post by tingler on Thu 28 Jul 2011, 1:26 pm

OTL Extras logfile created on: 7/27/2011 10:12:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.09 Mb Total Physical Memory | 283.37 Mb Available Physical Memory | 27.70% Memory free
2.03 Gb Paging File | 1.17 Gb Available in Paging File | 57.60% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 24.09 Gb Free Space | 64.77% Space Free | Partition Type: FAT32
Drive E: | 465.75 Gb Total Space | 451.67 Gb Free Space | 96.98% Space Free | Partition Type: NTFS

Computer Name: BRUCE-A95ED2DF2 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [ACDBrowse] -- "E:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\ZoneLabs\vsmon.exe" = C:\WINDOWS\System32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"E:\Program Files\LimeWire\LimeWire.exe" = E:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E8ECB62-9A91-4D24-8CC3-BC2388BF0E2E}_is1" = Disk Doctors Digital Media Recovery
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{530241F4-D15B-4E0B-B3F3-47F83BC285AA}" = STOPzilla
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{62B9E29A-BC60-4829-8724-100ACFF7E63D}" = IObit Toolbar v4.3
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.0
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CC14A340-C388-4558-83E4-B30150577931}" = FixCleaner
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for Pentax 2.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.3.1.2590)
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AlawarGameBox" = Alawar Game Box
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"exent_440850" = Traffic Jam Extreme
"exent_445950" = Puzzle Express
"exent_446150" = Flip Words
"exent_446250" = Gem Shop
"exent_447350" = Sea Bounty
"exent_452750" = Atlantis Quest
"exent_466550" = The Treasures of Montezuma
"exent_472250" = 10 Talismans
"exent_554750" = Cradle of Rome
"exent_578250" = Poker Superstars III
"exent_605350" = Magic Encyclopedia
"exent_614150" = The Lost Cases of Sherlock Holmes
"exent_647750" = Margrave Manor 2: The Lost Ship
"exent_649850" = Dragon Portals
"exent_661850" = Valerie Porter
"exent_664850" = Heroes of Hellas 2 - Olympia
"exent_666450" = Autumn's Treasures: The Jade Coin
"exent_666550" = 1001 Nights - The Adventures of Sindbad
"exent_668050" = Farm Mania 2
"exent_684050" = Love and Death: Bitten
"Free_Ride_Games Toolbar" = Free Ride Games Toolbar
"Game_Master_1.1 Toolbar" = Game Master 1.1 Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"IObit Security 360_is1" = IObit Security 360
"iWinArcade" = iWin Games (remove only)
"jZip" = jZip
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"VLC media player" = VLC media player 0.9.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2011 1:19:30 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:14:33 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:14:33 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:16 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:18 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:46 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:55 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:16:17 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:16:35 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:16:40 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1001
Description = Fault bucket -1784725119.

[ System Events ]
Error - 7/26/2011 4:01:36 PM | Computer Name = BRUCE-A95ED2DF2 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/27/2011 11:22:47 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IS360service service
to connect.

Error - 7/27/2011 11:22:47 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%1053

Error - 7/27/2011 11:24:11 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/27/2011 3:02:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IS360service service
to connect.

Error - 7/27/2011 3:02:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%1053

Error - 7/27/2011 3:03:50 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/27/2011 3:20:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IS360service service
to connect.

Error - 7/27/2011 3:20:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%1053

Error - 7/27/2011 3:21:53 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >


Re: win32.downloader.dequ

Post by tingler on Thu 28 Jul 2011, 1:28 pm

I hope I did it properly


Re: win32.downloader.dequ

Post by Sneakyone on Thu 28 Jul 2011, 1:50 pm

Hi,

Why's your name strikethrough'd?

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: win32.downloader.dequ

Post by tingler on Thu 28 Jul 2011, 4:20 pm

Unfortunately I did not have any luck with this..I managed to get the combo fix file copied ..and the name changed to commy.exe..but unfortunately I had to use Firefox to get into your system because Internet Explorer kept booting me out..so when it downloaded the file through Firefox....it put it into the Firefox Download and then when I copied it to my desktop..and copied and pasted the instructions that were given it said it could not find it because it was searching in my C drive.
I hope this is understandable..but I will totally understand if it isn't..because I am not at all computer literate.
If you would prefer not to continue trying to help me..I will totally understand because I think this is all a bit too complicated for me.


Last edited by tingler on Thu 28 Jul 2011, 4:58 pm; edited 1 time in total


Re: win32.downloader.dequ

Post by tingler on Thu 28 Jul 2011, 4:57 pm

I think this is the Combo Log that you are looking for..it was what was printed when I clicked on it.



Re: win32.downloader.dequ

Post by tingler on Thu 28 Jul 2011, 10:10 pm

I have no idea why my name is strikethrough'd


Re: win32.downloader.dequ

Post by Sneakyone on Fri 29 Jul 2011, 4:31 pm

Hi,

Did you double click on ComboFix? If not, then double click it to run it.



Re: win32.downloader.dequ

Post by tingler on Fri 29 Jul 2011, 10:27 pm

I tried to run Combofix.exe it says it is setting up a restore point..then it says it is starting to scan..then the cursor flashes..and then after a while the cursor stops flashing and my computer freezes.
I did get some kind of log previously that is in my message number 10.
I ran it over again and just let it run all night..but nothing happened.


Re: win32.downloader.dequ

Post by Sneakyone on Sat 30 Jul 2011, 5:27 pm

Hi,

Could you please run ComboFix in Safe Mode?

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Log into an account with administrative privileges.




Re: win32.downloader.dequ

Post by tingler on Sun 31 Jul 2011, 1:38 am

I tried to run Combofix in safe mode...but unfortunately it did the same thing...it said it was establishing a new restore date...then it said it was scanning and it typically should take 10 minutes but on badly infected computers it could take twice that time....then the cursor flashed for about 12 minutes..then it stopped flashing and froze up.
Could I have accidentally screwed up the combofix when I mistakenly ran it before I renamed it and got that report that I sent to you in message 10?


Re: win32.downloader.dequ

Post by Sneakyone on Sun 31 Jul 2011, 3:04 pm

Nah, it's fine. We'll have to work around it and try to remove what's stopping ComboFix from running.

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review



Re: win32.downloader.dequ

Post by tingler on Mon 01 Aug 2011, 3:45 am

I hope this worked

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-07-31 12:31:26
-----------------------------
12:31:26.703 OS Version: Windows 5.1.2600 Service Pack 3
12:31:26.703 Number of processors: 2 586 0x6B02
12:31:26.703 ComputerName: BRUCE-A95ED2DF2 UserName: Bruce
12:31:27.937 Initialize success
12:31:28.671 AVAST engine defs: 11073100
12:31:40.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
12:31:40.625 Disk 0 Vendor: ST340212 3.04 Size: 38162MB BusType: 3
12:31:40.625 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
12:31:40.625 Disk 1 Vendor: ST350083 3.AA Size: 476940MB BusType: 3
12:31:40.625 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS f72d040e
12:31:40.640 Disk 0 MBR read successfully
12:31:40.640 Disk 0 MBR scan
12:31:40.640 Disk 0 Windows XP default MBR code
12:31:40.640 Disk 0 scanning sectors +78156288
12:31:40.640 Disk 0 scanning C:\WINDOWS\system32\drivers
12:31:59.265 Service scanning
12:32:00.031 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
12:32:00.593 Modules scanning
12:32:53.609 Disk 0 trace - called modules:
12:32:53.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
12:32:53.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8656a030]
12:32:53.640 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000063[0x86573168]
12:32:53.640 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x86584a38]
12:32:54.625 AVAST engine scan C:\WINDOWS
12:33:04.656 AVAST engine scan C:\WINDOWS\system32
12:34:37.609 AVAST engine scan C:\WINDOWS\system32\drivers
12:34:52.500 AVAST engine scan C:\Documents and Settings\Bruce
12:36:14.437 AVAST engine scan C:\Documents and Settings\All Users
12:37:16.453 Scan finished successfully
12:40:06.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\MBR.dat"
12:40:06.312 The log file has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\aswMBR.txt"
12:43:31.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\MBR.dat"
12:43:31.234 The log file has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\aswMBR.txt"




Re: win32.downloader.dequ

Post by Sneakyone on Mon 01 Aug 2011, 4:37 pm

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Re: win32.downloader.dequ

Post by tingler on Mon 01 Aug 2011, 11:34 pm

Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7344

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/1/2011 8:22:55 AM
mbam-log-2011-08-01 (08-22-30).txt

Scan type: Quick scan
Objects scanned: 186590
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\iobit toolbar\IE\4.3\iobittoolbarie.dll (PUP.Dealio.TB) -> No action taken.


Re: win32.downloader.dequ

Post by Sneakyone on Tue 02 Aug 2011, 3:09 pm

Hi,

Did you remove the detections? It says: No Action Taken.



Re: win32.downloader.dequ

Post by tingler on Tue 02 Aug 2011, 11:32 pm

I ran the Malware program again and it says ...No Malicious Items Detected.. and this is the report

Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7344

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/2/2011 8:27:51 AM
mbam-log-2011-08-02 (08-27-50).txt

Scan type: Quick scan
Objects scanned: 191293
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: win32.downloader.dequ

Post by Sneakyone on Wed 03 Aug 2011, 3:51 pm

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: win32.downloader.dequ

Post by tingler on Thu 04 Aug 2011, 6:51 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b522dbbfd0732347a5cef0fcfe4795b9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-03 06:07:14
# local_time=2011-08-03 02:07:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5889 16768381 100 100 34024963 152203565 0 34120019
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 0 34143697 0 0
# scanned=91988
# found=8
# cleaned=8
# scan_time=15617
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11CD7696-EA07-4D4C-8752-11BE9FED7CC5}\RP416\A0127453.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11CD7696-EA07-4D4C-8752-11BE9FED7CC5}\RP416\A0127454.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11CD7696-EA07-4D4C-8752-11BE9FED7CC5}\RP416\A0127455.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11CD7696-EA07-4D4C-8752-11BE9FED7CC5}\RP416\A0127456.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: win32.downloader.dequ

Post by Sneakyone on Thu 04 Aug 2011, 4:47 pm

Hi,

How's your computer running now?



Re: win32.downloader.dequ

Post by tingler on Fri 05 Aug 2011, 1:31 am

There seems to be no difference regarding the "win32.downloader.dequ" virus...but now I cannot access GeekPolice through Internet Explorer because it keeps booting me out.
Therefore I have to use Firefox to contact you.


