# My Computer Online Scan and AV8 pop ups virus



## nmarlow (Sep 23, 2010)

I have an ASUS K50ij-rx05 running Windows 7 64-bit. I recently started getting pop-ups on my computer including My Computer Online Scan and AV8 Scan. I know these are a part of multiple viruses, but I am not sure how to get rid of them. I have tried running Malwarebytes and Kaspersky, and they find viruses and things, but they just come back after I remove them. I have run them in safe mode as well and nothing has changed. I ran all the programs you requested and I am pasting and attaching the log files. Any help removing these will be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:41:47 AM, on 9/23/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Users\Brian\Desktop\Virus Removal Tool\setup_9.0.0.722_22.09.2010_14-25[1]\setup_9.0.0.722_22.09.2010_14-25[1].exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\andy128.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXULWAOU\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Updater For My.Freeze.com Toolbar - {C26CD490-5F01-41E3-B150-EB29F19DA056} - (no file)
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [xuri49tkd] C:\Windows\andy128.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.5; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; MS-RTC LM 8; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)" -"http://www.cartoonnetwork.com/games/cc/trickortreatbeat/index.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Startup: setup_9.0.0.722_22.09.2010_14-25[1].lnk = C:\Users\Brian\Desktop\Virus Removal Tool\setup_9.0.0.722_22.09.2010_14-25[1]\startup.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.oma11pwww05
O15 - Trusted Zone: *.prod.westworlds.com
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: *.westathome.com
O15 - Trusted Zone: *.westathome.net
O15 - Trusted Zone: *.workathomeagent.net
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11775 bytes

DDS (Ver_10-03-17.01) - NTFSX64 
Run by Brian at 9:45:04.00 on Thu 09/23/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.1326 [GMT -4:00]

============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxducoms.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\SysWOW64\svchost.exe -k ssed
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\AbtSvcHost_.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Users\Brian\Desktop\Virus Removal Tool\setup_9.0.0.722_22.09.2010_14-25[1]\setup_9.0.0.722_22.09.2010_14-25[1].exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\andy128.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXULWAOU\dds[1].scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://home.verizon.yahoo.com/
uSearch Bar = Preserve
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {C26CD490-5F01-41E3-B150-EB29F19DA056} - No File
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn4\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {EA6905C1-AFE7-44A8-B5CF-5A41C3FDF685} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRunOnce: [Shockwave Updater] c:\windows\syswow64\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.5; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; MS-RTC LM 8; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)" -"http://www.cartoonnetwork.com/games/cc/trickortreatbeat/index.html"
mRun: [CLMLServer] "c:\program files (x86)\cyberlink\power2go\CLMLSvc.exe"
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [P2Go_Menu] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe
mRun: [ADSMTray] c:\program files (x86)\asus\asus data security manager\ADSMTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [ConnectionCenter] "c:\program files (x86)\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [xuri49tkd] c:\windows\andy128.exe
StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\brian\desktop\virus removal tool\setup_9.0.0.722_22.09.2010_14-25[1]\startup.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{f0df4513-3c4c-4eb8-8012-2c5f70af3988}\_A1DDD39913A1970387B7B3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
Trusted Zone: oma11pwww05
Trusted Zone: prod.westworlds.com
Trusted Zone: west.com
Trusted Zone: westathome.com
Trusted Zone: westathome.net
Trusted Zone: workathomeagent.net
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {EA6905C1-AFE7-44A8-B5CF-5A41C3FDF685} - No File
mRun-x64: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun-x64: [AmIcoSinglun64] c:\program files (x86)\amicosinglun\AmIcoSinglun64.exe
mRun-x64: [lxdumon.exe] "c:\program files (x86)\lexmark 5600-6600 series\lxdumon.exe"
mRun-x64: [EzPrint] "c:\program files (x86)\lexmark 5600-6600 series\ezprint.exe"
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
================= FIREFOX ===================
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\cpyq0vv3.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm035YYUS&fl=0&ptb=g0tBgV5ChXww7q6uEjGQKA&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c6d8&searchfor=
FF - plugin: c:\program files (x86)\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files (x86)\virtools\3d life player\npvirtools.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\brian\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\brian\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R?2 ssed;ssed;c:\windows\system32\svchost.exe -k ssed [2009-7-13 27136]
R0 70987732;70987732 Boot Guard Driver;c:\windows\system32\drivers\70987732.sys [2010-9-22 40464]
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-7-21 15928]
R1 70987731;70987731;c:\windows\system32\drivers\70987731.sys [2010-9-22 157712]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 setup_9.0.0.722_22.09.2010_14-25[1]drv;setup_9.0.0.722_22.09.2010_14-25[1]drv;c:\windows\system32\drivers\7098773.sys [2010-9-22 352784]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AbtSvcHost;AbtSvcHost;c:\windows\syswow64\AbtSvcHost_.exe [2010-7-24 49584]
R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2009-7-21 14904]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-11-23 140800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-23 1222144]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S1 sed;sed;c:\windows\syswow64\drivers\sed.sys [2010-9-22 33792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-9-18 133104]
S2 NapAgMan;Network Access Protection Manager;c:\windows\system32\napaserv.exe --> c:\windows\system32\napaserv.exe [?]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-8-21 44032]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-4 1255736]
=============== Created Last 30 ================
2010-09-23 09:11:34 1136 --sha-w- c:\windows\setup_9.0.0.722_22.09.2010_14-25[1]drv.spi
2010-09-23 08:47:31 34976 ----a-w- c:\windows\fs1235.dat
2010-09-23 08:44:13 29 ----a-w- c:\windows\bk20856.dat
2010-09-22 21:28:35 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-22 17:41:34 59392 ----a-w- c:\windows\syswow64\sed.dll
2010-09-22 12:51:19 1 ---h--w- c:\windows\bk23567.dat
2010-09-22 12:51:19 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2010-09-22 12:42:30 0 d-----w- c:\programdata\Kaspersky Lab
2010-09-22 12:41:37 40464 ----a-w- c:\windows\system32\drivers\70987732.sys
2010-09-22 12:41:37 352784 ----a-w- c:\windows\system32\drivers\7098773.sys
2010-09-22 12:41:37 157712 ----a-w- c:\windows\system32\drivers\70987731.sys
2010-09-22 08:45:00 172032 ---h--w- c:\windows\andy128.exe
2010-09-17 11:18:56 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-15 18:24:34 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-25 12:26:42 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 12:26:42 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
==================== Find3M ====================
2010-09-23 12:18:40 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-09-23 09:23:18 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-09-23 08:38:19 57752 ----a-w- c:\windows\syswow64\rpcnet.dll
2010-09-22 20:52:26 17408 ----a-w- c:\windows\syswow64\rpcnetp.dll
2010-09-22 20:52:11 17408 ----a-w- c:\windows\syswow64\rpcnetp.exe
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-29 01:22:38 161304 ----a-w- c:\windows\system32\igfxtray.exe
2010-07-29 01:22:36 508952 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-07-29 01:22:34 415256 ----a-w- c:\windows\system32\igfxpers.exe
2010-07-29 01:22:32 386584 ----a-w- c:\windows\system32\hkcmd.exe
2010-07-29 01:22:32 223768 ----a-w- c:\windows\system32\igfxext.exe
2010-07-29 01:22:30 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2010-07-29 01:22:28 152600 ----a-w- c:\windows\system32\difx64.exe
2010-07-29 01:18:58 92672 ----a-w- c:\windows\system32\igfxCoIn_v2189.dll
2010-07-29 01:10:42 10610400 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2010-07-29 01:10:36 6547968 ----a-w- c:\windows\system32\igdumd64.dll
2010-07-29 01:02:54 4967424 ----a-w- c:\windows\syswow64\igdumd32.dll
2010-07-29 00:58:10 571904 ----a-w- c:\windows\syswow64\igdumdx32.dll
2010-07-29 00:55:00 4720128 ----a-w- c:\windows\system32\igd10umd64.dll
2010-07-29 00:47:56 4411904 ----a-w- c:\windows\syswow64\igd10umd32.dll
2010-07-29 00:41:12 15035392 ----a-w- c:\windows\system32\ig4icd64.dll
2010-07-29 00:32:14 11042304 ----a-w- c:\windows\syswow64\ig4icd32.dll
2010-07-29 00:27:34 380416 ----a-w- c:\windows\system32\igfxTMM.dll
2010-07-29 00:27:26 27648 ----a-w- c:\windows\system32\igfxexps.dll
2010-07-29 00:27:26 243200 ----a-w- c:\windows\system32\igfxpph.dll
2010-07-29 00:27:02 61952 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-07-29 00:26:30 108032 ----a-w- c:\windows\system32\hccutils.dll
2010-07-29 00:26:20 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-07-29 00:26:20 271360 ----a-w- c:\windows\system32\igfxdev.dll
2010-07-29 00:26:20 119808 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-07-29 00:25:44 830464 ----a-w- c:\windows\system32\igfxress.dll
2010-07-29 00:25:44 142336 ----a-w- c:\windows\system32\igfxdo.dll
2010-07-29 00:22:00 23552 ----a-w- c:\windows\syswow64\igfxexps32.dll
2010-07-29 00:20:54 228864 ----a-w- c:\windows\syswow64\igfxdv32.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-25 22:12:25 29184 ----a-w- c:\windows\syswow64\CtLoJack.dll
2010-07-20 23:06:00 507904 ----a-r- c:\windows\syswow64\btwapi.dll
2010-07-17 09:00:12 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-17 09:00:12 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-17 09:00:10 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-17 09:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-12 16:52:12 49584 ----a-w- c:\windows\syswow64\AbtSvcHost_.exe
2010-07-12 16:52:12 49584 ----a-w- c:\windows\syswow64\AbtSvcHost.exe
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-08 15:31:56 106496 ----a-w- c:\program files (x86)\common files\CPInstallAction.dll
2008-08-12 02:45:20 155648 ----a-w- c:\program files (x86)\common files\MSIactionall.dll
2008-05-22 13:35:54 51962 ----a-w- c:\program files (x86)\common files\banner.jpg
2007-06-12 14:34:50 35822 ----a-w- c:\program files (x86)\common files\ASPG_icon.ico
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-06-12 22:03:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010061220100613\index.dat
2010-06-19 11:06:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010061920100620\index.dat
2010-06-21 01:54:12 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010062020100621\index.dat
2010-02-07 00:13:42 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-14 14:19:48 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-14 14:19:48 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-14 14:19:48 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 9:47:38.16 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-23 09:54:18
Windows 6.1.7600 
Running: qyzhgl1m.exe

---- Files - GMER 1.0.15 ----
File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Doc 0 bytes
File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Doc\_avt 512 bytes
File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Doc\_lit 512 bytes
File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Music 0 bytes
File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Music\_avt 512 bytes
File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Music\_lit 512 bytes
File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Video 0 bytes
File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Video\_avt 512 bytes
File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Video\_lit 512 bytes
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB  0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
---- EOF - GMER 1.0.15 ----


----------



## nmarlow (Sep 23, 2010)

Not sure why other people who are posting after me are getting help, but I can't get help. Please help me with the horrible virus!!!


----------



## Blade81 (Oct 27, 2006)

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.


----------

