Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Link in e-mail clicked / Exploit.Java.CVE and Exploit:Java/Blacole.M a


  • Please log in to reply

#1
Bronco_Girl

Bronco_Girl

    New Member

  • Member
  • Pip
  • 1 posts
Hello all, I am really hoping someone can help me help my parents. I am inevitably the one who works on all my family's computers, but I am not a natural when it comes to it I am just pretty good with Google and utilizing software. My family knows all the ways to keep away from viruses and so normally my "job" consists of basic maintenance like defragmenting, cleaning temporary files, cookies, and so on. The occasional virus has been found but I have used the virus software to remove it and everything is happy. Until...my mom clicked on a link in an e-mail about a failed ACH transfer. (I know *groan*) She did realize after that it was a big mistake and called me. According to her she never filled out any info or downloaded anything. At least nothing asked for her approval to download anything. So I ran a deep clean from her virus protector Kaspersky. It found three slightly different versions of Exploit.Java.CVE and supposedly either deleted or disinfected them. But while looking at the processes in process explorer something still seemed off. I ran SlimCleaner and found three Active X Java plug ins, don't know if this is normal or related it just seemed odd with there being three. Next I downloaded yet another thing, some malware thing from Microsoft. It found three other Java trojans but called them Exploit:Jana/Blacole. The program said that it partially removed them. So then I attempted to use the Command Prompt and see what Ports were doing what and see if I could make heads or tails out of it. Most of it seemed to be okay from what I could tell, (keep in mind this was my first attempt at understanding Ports) however there were a lot of those svchost things. The one odd ball was Port 0 said Time_wait, not the usual established or listening. I attempted to do the ip search thing and came up with two different companies in three different places, one of which was Mexico. The two company names were Karpersky which is the virus protector and PSINet. At this point I realized I was over my head, so I came here. I downloaded and ran that OTL thing, but was unable to do it without Teamviewer going as this computer is states away. I would appreciate any help. Thanks!!!!

OTL logfile created on: 11/20/2011 1:15:56 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joe\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.44 Gb Available Physical Memory | 57.43% Memory free
12.18 Gb Paging File | 9.22 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.50 Gb Total Space | 434.83 Gb Free Space | 74.65% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 1.93 Gb Free Space | 14.10% Space Free | Partition Type: NTFS
Drive J: | 1.87 Gb Total Space | 1.66 Gb Free Space | 88.90% Space Free | Partition Type: FAT

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 01:14:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Downloads\OTL.exe
PRC - [2011/11/12 17:59:30 | 004,761,432 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/11/03 13:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/11/03 13:25:09 | 002,143,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/11/03 13:25:08 | 008,094,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/11/03 12:55:50 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
PRC - [2011/10/03 09:14:06 | 001,409,384 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/04/10 01:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/04/10 01:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 12:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/10/30 13:16:42 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 19:24:30 | 000,599,896 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\DiskMap.dll
MOD - [2011/11/10 19:24:20 | 000,880,984 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\Scan.dll
MOD - [2011/10/19 22:19:30 | 008,906,072 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\WebUI.dll
MOD - [2011/10/19 22:19:24 | 000,564,712 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\sqlite3.dll
MOD - [2011/10/19 22:18:48 | 000,058,712 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\NtfsData.dll
MOD - [2011/10/14 02:37:32 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll
MOD - [2011/10/14 02:37:22 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/14 02:36:29 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/14 02:36:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 02:36:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/14 02:32:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/14 02:32:21 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:32:13 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/14 02:32:02 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MOD - [2011/10/14 02:31:53 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/14 02:31:53 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 02:31:39 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/14 02:31:29 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/14 02:31:26 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/14 02:30:39 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/14 02:19:36 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\bd104bb2f798661c5a972249582b5441\System.ServiceModel.Routing.ni.dll
MOD - [2011/10/14 02:19:35 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9be7f7f68d488eb02161d3f0663a61a4\System.ServiceModel.Discovery.ni.dll
MOD - [2011/10/14 02:19:34 | 001,392,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a19563d781ccd0807a41d27701d485c6\System.ServiceModel.Activities.ni.dll
MOD - [2011/10/14 02:19:34 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e08ecf530f270cd45c72318b67826cb1\System.ServiceModel.Channels.ni.dll
MOD - [2011/10/14 02:19:31 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll
MOD - [2011/10/14 02:19:06 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\16c385f23b5e493899f0d206dfb60094\System.IdentityModel.ni.dll
MOD - [2011/10/14 02:17:28 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\41a4f6cc5d596e952fd880ae1a47308f\System.Runtime.DurableInstancing.ni.dll
MOD - [2011/10/14 02:17:27 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\993f89ba22499c379d2a9dd25d13cd94\System.Runtime.Serialization.ni.dll
MOD - [2011/10/14 02:17:27 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\398a52caf1e9fd1a6ea9dd589b0f6e68\SMDiagnostics.ni.dll
MOD - [2011/10/14 02:17:25 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll
MOD - [2011/10/14 02:17:24 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011/10/14 02:08:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011/10/14 02:08:03 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011/10/14 02:08:01 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
MOD - [2011/10/14 02:07:56 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:07:47 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011/10/14 02:07:46 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011/10/14 02:07:41 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 02:07:39 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011/10/14 02:07:36 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011/10/14 02:07:32 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011/10/14 02:07:26 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2009/07/23 08:44:33 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2009/07/23 08:44:33 | 001,400,832 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2009/07/23 08:44:33 | 000,872,448 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2009/07/23 08:44:33 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2009/07/23 08:44:33 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2009/07/23 08:44:33 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2009/07/23 08:44:33 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2009/07/23 08:44:33 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2009/07/23 08:44:33 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2009/07/23 08:44:33 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2009/07/23 08:44:33 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2009/07/23 08:44:32 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2009/07/23 08:44:31 | 000,466,944 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2009/07/23 08:44:31 | 000,404,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2009/07/23 08:44:31 | 000,128,512 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2009/07/23 08:44:31 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2009/07/23 08:44:31 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2009/07/23 08:44:31 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2009/07/23 08:44:31 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2009/07/23 08:44:30 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2009/07/23 08:44:30 | 000,354,816 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2009/07/23 08:44:30 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2009/07/23 08:44:30 | 000,258,560 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2009/07/23 08:44:30 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2009/07/23 08:44:29 | 001,240,576 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2009/07/23 08:44:29 | 000,757,760 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2009/07/23 08:44:29 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2009/07/23 08:44:29 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2009/07/23 08:44:29 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2009/07/23 08:44:29 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2009/07/23 08:44:29 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2009/07/23 08:44:29 | 000,096,768 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2009/07/23 08:44:29 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2009/07/23 08:44:29 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2009/04/22 05:36:02 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2009/04/10 01:22:04 | 000,906,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/04/03 19:23:44 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/04/03 19:23:42 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/04/03 19:23:40 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/04/03 19:23:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/04/03 19:23:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/04/03 19:23:38 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/04/03 19:23:36 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/04/03 19:23:34 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/01/21 05:47:24 | 000,034,088 | ---- | M] () -- c:\Program Files (x86)\Cyberlink\Shared files\richvideops.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/11/03 13:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/08 21:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/10/25 18:04:46 | 000,384,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/10/01 09:37:40 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2010/06/09 15:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 15:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2010/04/22 17:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/11/02 18:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/26 06:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/02/02 13:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2008/12/04 07:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp-desktop.ao.../?ncid=hpd_0609
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/24 08:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/24 08:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/24 08:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/09 20:37:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 15:03:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/11/13 15:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2011/11/19 12:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\03jy7afw.default\extensions
[2011/11/19 12:54:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\03jy7afw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/13 15:29:42 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\03jy7afw.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/11/13 15:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2011/11/19 18:13:32 | 000,000,762 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.scana...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.28.160.35 72.28.160.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEE4D985-3C15-484B-9363-504259440810}: DhcpNameServer = 72.28.160.35 72.28.160.36
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clinear.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clinear.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 00:42:04 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/20 00:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/11/20 00:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2011/11/20 00:18:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\IObit
[2011/11/20 00:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/11/19 23:55:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/19 23:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/19 22:26:12 | 050,295,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/11/19 12:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2011/11/19 12:01:18 | 007,370,976 | ---- | C] (Igor Pavlov) -- C:\Users\Joe\Desktop\Garmin Communicator Plugin_301.exe
[2011/11/19 11:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2011/11/19 11:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
[2011/11/19 11:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/11/19 11:50:50 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/11/13 15:19:30 | 000,384,616 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2011/11/13 15:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel Desktop Board
[2011/11/13 15:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/11/13 15:04:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\SystemRequirementsLab
[2011/11/13 15:03:39 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Mozilla
[2011/11/13 15:03:39 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Mozilla
[2011/11/13 15:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/11/12 19:52:15 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\ElevatedDiagnostics
[2011/11/12 19:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/12 19:31:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/12 19:31:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/12 19:31:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/12 18:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnVir Task Manager Free
[2011/11/12 18:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnVir Task Manager Free
[2011/11/12 18:10:25 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\AnVir
[2011/11/12 15:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/11/12 15:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011/11/12 14:03:49 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\SlimWare Utilities Inc
[2011/11/12 14:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
[2011/11/12 14:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimCleaner
[2011/11/12 14:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installers
[2011/11/12 11:59:56 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\My Drivers
[2011/11/12 11:59:56 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Innovative Solutions
[2011/11/12 11:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2011/11/12 11:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/12 11:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/12 11:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/12 11:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/12 11:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/11/12 11:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/11/12 11:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/12 11:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/11 21:29:56 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\Downloads
[2011/11/11 21:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/11 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/11/11 21:07:44 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Malwarebytes
[2011/11/11 21:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/11 21:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/11 21:07:20 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/11 21:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/11 20:13:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Laine's Stuff
[2011/11/11 20:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/11 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2 C:\Users\Joe\Documents\*.tmp files -> C:\Users\Joe\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 01:11:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 01:11:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 00:59:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 00:42:27 | 000,002,555 | ---- | M] () -- C:\Users\Joe\Desktop\HiJackThis.lnk
[2011/11/20 00:18:38 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/11/20 00:18:38 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2011/11/19 18:13:09 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/19 12:10:30 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
[2011/11/19 12:01:18 | 007,370,976 | ---- | M] (Igor Pavlov) -- C:\Users\Joe\Desktop\Garmin Communicator Plugin_301.exe
[2011/11/18 19:11:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/16 17:48:59 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/16 17:48:59 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/16 17:48:59 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/16 16:17:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/13 16:31:28 | 000,000,970 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/11/13 15:03:35 | 000,000,914 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/12 11:12:23 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/11 20:02:48 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/11 19:53:32 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/11/11 19:43:43 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2011/11/03 07:38:33 | 000,002,651 | ---- | M] () -- C:\Users\Joe\Desktop\Microsoft Office Word 2007.lnk
[2011/11/01 07:48:16 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/10/29 13:02:15 | 000,000,020 | ---- | M] () -- C:\Users\Joe\Documents\gpfax.adr
[2011/10/29 13:02:15 | 000,000,008 | ---- | M] () -- C:\Users\Joe\Documents\gpfax.idx
[2011/10/29 12:56:00 | 002,098,703 | ---- | M] () -- C:\Users\Joe\Desktop\mom judge mean jean.jpg
[2011/10/27 22:04:56 | 050,295,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2 C:\Users\Joe\Documents\*.tmp files -> C:\Users\Joe\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 00:42:04 | 000,002,555 | ---- | C] () -- C:\Users\Joe\Desktop\HiJackThis.lnk
[2011/11/20 00:18:38 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/11/20 00:18:38 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2011/11/19 12:08:17 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
[2011/11/13 15:19:30 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2011/11/13 15:03:35 | 000,000,914 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/13 15:03:34 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/12 11:12:23 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/11 20:02:48 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/11 19:53:32 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/11/11 19:53:32 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/10/29 13:02:15 | 000,000,020 | ---- | C] () -- C:\Users\Joe\Documents\gpfax.adr
[2011/10/29 13:02:15 | 000,000,008 | ---- | C] () -- C:\Users\Joe\Documents\gpfax.idx
[2011/10/29 12:56:00 | 002,098,703 | ---- | C] () -- C:\Users\Joe\Desktop\mom judge mean jean.jpg
[2009/12/02 20:31:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/02 20:31:30 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/02 20:31:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/18 17:31:33 | 000,000,258 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\wklnhst.dat
[2009/10/17 09:35:18 | 000,003,584 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 19:33:45 | 000,291,840 | ---- | C] () -- C:\Program Files (x86)\Common Files\PCSBoff.exe
[2009/08/26 19:33:45 | 000,090,112 | ---- | C] () -- C:\Program Files (x86)\Common Files\PCSBclean.exe
[2009/08/07 13:36:24 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/07/30 19:33:19 | 000,000,680 | ---- | C] () -- C:\Users\Joe\AppData\Local\d3d9caps.dat
[2009/07/19 14:32:25 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/07/19 14:14:34 | 000,000,732 | ---- | C] () -- C:\Users\Joe\AppData\Local\d3d9caps64.dat
[2009/04/22 05:40:27 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/04/22 05:18:42 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/04/22 05:18:42 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\Jpeg32.dll

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP