Unknown malware [Solved]


  • This topic is locked

#16
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Now I need you to run OTL again; just open it and hit Quick Scan. Post the log it produces.


#17
diinovo

    Member

  • Topic Starter
  • 28 posts
Dear CompCav,
Sorry for the delay; I had been waiting for your reply.
I did not notice until now; it had gone to the spam folder.
Here is the scan result of
Thank You



OTL logfile created on: 7/30/2012 8:02:58 AM - Run 4
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 75.82% Memory free
7.00 Gb Paging File | 4.90 Gb Available in Paging File | 70.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 100.83 Gb Free Space | 60.02% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 47.78 Gb Free Space | 36.73% Space Free | Partition Type: NTFS
Drive E: | 695.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 931.51 Gb Total Space | 379.32 Gb Free Space | 40.72% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 226.44 Gb Free Space | 48.62% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 15:28:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/06/17 17:51:58 | 000,466,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/06/17 17:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/05/15 19:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/04/24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2007/10/13 20:47:12 | 000,053,248 | ---- | M] () -- C:\Program Files\Classic Menu for Office\ArmAccess.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/17 17:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/20 12:58:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/07/14 17:14:02 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/17 17:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/05/15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 11:45:19 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/06/23 16:43:04 | 001,068,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/03/10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/07/14 10:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2002/01/12 16:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PortTalk.sys -- (PortTalk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 91 09 90 5C B5 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {5E3DD9B7-5DB3-443C-AED9-98B91906A19C}
IE - HKCU\..\SearchScopes\{5E3DD9B7-5DB3-443C-AED9-98B91906A19C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...&ver=4.0.0.1550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Search Defender"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.740
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/17 13:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/07/14 18:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/07/14 18:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/07/14 18:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 10:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 15:43:17 | 000,000,000 | ---D | M]

[2011/12/16 11:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/07/22 09:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions
[2012/07/22 08:50:40 | 000,008,397 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\pdf-ebook-searches.xml
[2012/06/22 10:33:10 | 000,002,349 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender-1.xml
[2012/06/20 22:52:17 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender.xml
[2012/07/22 08:50:44 | 000,011,187 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\timeanddatecom.xml
[2012/07/14 18:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/10 17:49:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/14 17:15:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/07/14 17:15:07 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/06/17 19:47:06 | 000,004,539 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNJVK5V2.DEFAULT\EXTENSIONS\[email protected]
[2012/06/15 08:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/15 08:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 12:04:17 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/26 18:04:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{759BB2B0-7A44-4652-8E38-5945C47B0E0B}
[2012/07/26 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76D8B33A-111B-4C67-B2BF-36CBEEF33929}
[2012/07/25 14:13:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\XnView
[2012/07/25 13:07:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E33867B-8B67-45DF-BCA7-A531AD99B98D}
[2012/07/25 13:06:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{90BAF3AA-F32C-4292-8DFD-F64151112598}
[2012/07/25 10:08:05 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/25 10:02:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{496E6C90-A687-42C1-BF6F-C5A617E9A804}
[2012/07/25 10:02:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{58CD57F9-C679-4337-A711-543B2FA37BE9}
[2012/07/25 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CD577DD-7E8F-423D-A743-CF871D521859}
[2012/07/25 10:00:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{648BC0AE-5425-4AB6-B256-D8AD576EED49}
[2012/07/25 09:59:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A26BAE9E-EFC6-4BDA-9D46-EAA43873C995}
[2012/07/25 09:59:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9EBADFA-0EC6-489A-82CE-4EA3CBA31280}
[2012/07/25 09:50:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A1542D36-3A45-4777-8832-AD234B7C02F4}
[2012/07/25 09:50:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BD57604F-385B-48FC-B2E2-A9D62997A618}
[2012/07/24 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Scan Docs
[2012/07/24 15:27:42 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/07/24 15:00:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/23 21:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/07/23 14:52:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{103930BC-8084-4116-9DFC-C008E7A1F0D4}
[2012/07/23 14:49:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1FB64A9D-F42A-46CF-BB07-2BD0FB23A7BF}
[2012/07/23 14:45:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{4673D3DE-077F-4EBB-8878-199176EE69AD}
[2012/07/23 14:41:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{94DDC534-0E4B-481C-9A4C-74825828C85C}
[2012/07/23 14:38:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E1B8CFB8-B8D6-4FF3-8EBE-261755D8AA1B}
[2012/07/23 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{234AD5FF-50CB-43BF-A946-2F78860EC068}
[2012/07/23 14:29:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E5C99CB4-A73F-4416-8E87-1B88A686AEC8}
[2012/07/23 09:53:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B86E0C31-A459-4E85-AEC8-976186035082}
[2012/07/23 09:49:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16B5B940-ED9B-4281-A0B2-F18F1FF08D73}
[2012/07/22 13:58:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/07/22 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012/07/22 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CRE
[2012/07/21 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1B42E99A-C774-4B30-A6A8-4E9B0068AA3F}
[2012/07/21 11:19:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87C36CEE-6B0B-4DA2-AC10-17F64D3E4884}
[2012/07/21 11:14:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{216668E3-9816-4658-9300-2D02617788E1}
[2012/07/21 11:13:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5106A4A-9C0E-4EAE-8B6C-6B2BC42944E5}
[2012/07/21 10:08:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5304FB6-D9CA-4DEF-BBC8-15965A4ECACD}
[2012/07/21 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{3B87E682-8AD7-419C-932C-E0B5AABA77FA}
[2012/07/21 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{40BB17BB-953F-40F7-B01A-79372BA6EAC5}
[2012/07/21 10:06:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E5F9EC55-211B-4841-8B7F-C16A6217385D}
[2012/07/20 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{263F4AB0-90AC-4623-B2CB-C472E17990A0}
[2012/07/20 17:30:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C4FBF46A-1DE8-4EB8-B36C-832FCE8E7AC4}
[2012/07/16 11:55:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\CCWin
[2012/07/14 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012/07/14 17:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/14 17:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/07/14 17:14:02 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/07/14 17:04:49 | 000,638,976 | ---- | C] (ESET) -- C:\Windows\ESETUninstaller.exe
[2012/07/14 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2012/07/12 22:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidBIT Downloader
[2012/07/12 13:31:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5AC709BE-44AC-4AA8-88E7-CCE137CBB5FD}
[2012/07/12 05:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/07/12 05:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2012/07/11 10:03:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\updfiles
[2012/07/11 02:42:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[2012/07/11 01:13:02 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\SymantecFixZeroAccess.exe
[2012/07/10 08:19:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7EEE5FEB-DC92-4ABF-955A-443B142A3FD8}
[2012/07/10 01:31:16 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Desktop\[Originals]
[2012/07/09 10:46:50 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/09 10:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/07/01 12:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2012/07/01 12:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip
[2012/07/01 12:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip
[2012/07/01 12:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/06/30 17:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/30 16:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/30 16:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/30 16:18:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/30 16:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/30 11:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Builder
[2012/06/30 11:28:01 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/30 07:55:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/27 15:11:50 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 15:11:50 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 15:04:20 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/07/27 15:04:07 | 2817,380,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/27 13:41:59 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/07/26 18:11:31 | 000,030,245 | ---- | M] () -- C:\Users\Administrator\Desktop\defroster-trim-164_enl 2.png
[2012/07/26 00:00:03 | 000,025,252 | ---- | M] () -- C:\Users\Administrator\Desktop\Kangaroo Text (658x132).jpg
[2012/07/25 23:06:53 | 000,043,654 | ---- | M] () -- C:\Users\Administrator\Desktop\Kangaroo Text.jpg
[2012/07/25 18:21:02 | 000,225,651 | ---- | M] () -- C:\Users\Administrator\Desktop\Youtube Ultima 1_001.png
[2012/07/25 14:14:45 | 000,001,070 | ---- | M] () -- C:\Users\Administrator\Desktop\XnView.lnk
[2012/07/25 13:56:31 | 000,007,308 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/07/24 15:46:58 | 000,632,049 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2012/07/24 15:28:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/07/24 13:37:38 | 000,171,673 | ---- | M] () -- C:\Users\Administrator\Desktop\Untitled.png
[2012/07/24 09:16:28 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012/07/24 09:16:27 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012/07/24 00:30:50 | 000,018,577 | ---- | M] () -- C:\Users\Administrator\Desktop\defroster-trim-164.png
[2012/07/23 22:29:54 | 000,002,266 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/07/22 16:09:41 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/07/22 14:03:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/07/22 12:35:31 | 000,041,097 | ---- | M] () -- C:\Users\Administrator\Desktop\Extend ja-f-27b.pdf
[2012/07/20 20:52:45 | 000,018,706 | ---- | M] () -- C:\Users\Administrator\Desktop\Pay Slip.zip
[2012/07/19 17:39:24 | 000,000,353 | ---- | M] () -- C:\Users\Administrator\Desktop\164 A-C compressor rebuild needed - Alfa Romeo Bulletin Board & Forums.url
[2012/07/14 18:38:09 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/14 17:16:37 | 000,017,408 | ---- | M] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/07/14 17:14:02 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/07/14 17:04:26 | 000,638,976 | ---- | M] (ESET) -- C:\Windows\ESETUninstaller.exe
[2012/07/14 15:44:20 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/14 15:44:20 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/14 14:38:51 | 000,001,441 | ---- | M] () -- C:\Users\Administrator\Desktop\Internet Explorer.lnk
[2012/07/14 09:23:05 | 002,784,732 | ---- | M] () -- C:\Windows\System32\em023_32.dat
[2012/07/14 09:23:04 | 035,604,120 | ---- | M] () -- C:\Windows\System32\em002_32.dat
[2012/07/12 06:20:20 | 000,089,094 | ---- | M] () -- C:\Windows\System32\em006_32.dat
[2012/07/11 21:44:08 | 001,103,622 | ---- | M] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:08 | 000,492,053 | ---- | M] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:08 | 000,252,560 | ---- | M] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:08 | 000,046,729 | ---- | M] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:08 | 000,038,604 | ---- | M] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:08 | 000,004,342 | ---- | M] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 21:44:07 | 000,714,995 | ---- | M] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:43:57 | 000,521,149 | ---- | M] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:43:57 | 000,055,770 | ---- | M] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 07:44:48 | 000,000,000 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/07/11 02:08:53 | 012,320,768 | ---- | M] () -- C:\Users\Administrator\ntuser.bak
[2012/07/11 01:57:33 | 001,346,640 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/11 01:13:02 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\Desktop\SymantecFixZeroAccess.exe
[2012/07/11 01:11:44 | 000,050,206 | ---- | M] () -- C:\Users\Administrator\Desktop\Symantec fixkriz.exe
[2012/07/10 08:25:59 | 000,002,873 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Photo Manager 12.lnk
[2012/07/09 10:53:10 | 000,000,047 | RH-- | M] () -- C:\Users\Administrator\Desktop\stinger 2.opt
[2012/07/09 10:46:50 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/03 09:49:40 | 000,000,948 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012/07/01 12:26:50 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/06/30 22:30:48 | 001,110,476 | ---- | M] () -- C:\Users\Administrator\Desktop\7z920.exe
[2012/06/30 17:51:41 | 000,001,119 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/30 15:23:21 | 000,001,045 | ---- | M] () -- C:\Users\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/06/30 15:23:21 | 000,001,045 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/26 18:01:40 | 000,030,245 | ---- | C] () -- C:\Users\Administrator\Desktop\defroster-trim-164_enl 2.png
[2012/07/25 23:48:44 | 000,025,252 | ---- | C] () -- C:\Users\Administrator\Desktop\Kangaroo Text (658x132).jpg
[2012/07/25 23:06:53 | 000,043,654 | ---- | C] () -- C:\Users\Administrator\Desktop\Kangaroo Text.jpg
[2012/07/25 18:21:01 | 000,225,651 | ---- | C] () -- C:\Users\Administrator\Desktop\Youtube Ultima 1_001.png
[2012/07/25 14:14:45 | 000,001,070 | ---- | C] () -- C:\Users\Administrator\Desktop\XnView.lnk
[2012/07/24 15:46:25 | 000,632,049 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2012/07/24 13:37:38 | 000,171,673 | ---- | C] () -- C:\Users\Administrator\Desktop\Untitled.png
[2012/07/24 00:32:24 | 000,018,577 | ---- | C] () -- C:\Users\Administrator\Desktop\defroster-trim-164.png
[2012/07/22 12:35:31 | 000,041,097 | ---- | C] () -- C:\Users\Administrator\Desktop\Extend ja-f-27b.pdf
[2012/07/20 20:52:45 | 000,018,706 | ---- | C] () -- C:\Users\Administrator\Desktop\Pay Slip.zip
[2012/07/19 17:39:24 | 000,000,353 | ---- | C] () -- C:\Users\Administrator\Desktop\164 A-C compressor rebuild needed - Alfa Romeo Bulletin Board & Forums.url
[2012/07/14 17:16:34 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/07/14 17:15:14 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012/07/14 17:15:14 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012/07/14 14:38:51 | 000,001,441 | ---- | C] () -- C:\Users\Administrator\Desktop\Internet Explorer.lnk
[2012/07/11 21:44:09 | 035,604,120 | ---- | C] () -- C:\Windows\System32\em002_32.dat
[2012/07/11 21:44:09 | 002,784,732 | ---- | C] () -- C:\Windows\System32\em023_32.dat
[2012/07/11 21:44:09 | 001,103,622 | ---- | C] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:09 | 000,714,995 | ---- | C] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:44:09 | 000,521,149 | ---- | C] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:44:09 | 000,492,053 | ---- | C] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:09 | 000,252,560 | ---- | C] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:09 | 000,089,094 | ---- | C] () -- C:\Windows\System32\em006_32.dat
[2012/07/11 21:44:09 | 000,055,770 | ---- | C] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 21:44:09 | 000,046,729 | ---- | C] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:09 | 000,038,604 | ---- | C] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:09 | 000,004,342 | ---- | C] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 10:02:28 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/11 10:02:27 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/11 02:47:41 | 000,000,000 | ---- | C] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/07/11 01:11:44 | 000,050,206 | ---- | C] () -- C:\Users\Administrator\Desktop\Symantec fixkriz.exe
[2012/07/09 10:05:04 | 000,000,047 | RH-- | C] () -- C:\Users\Administrator\Desktop\stinger 2.opt
[2012/07/01 12:25:30 | 000,000,454 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/07/01 12:25:29 | 000,000,426 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/07/01 12:15:36 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/07/01 09:54:20 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/06/30 22:30:47 | 001,110,476 | ---- | C] () -- C:\Users\Administrator\Desktop\7z920.exe
[2012/06/30 17:51:41 | 000,001,119 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/30 15:23:38 | 000,001,045 | ---- | C] () -- C:\Users\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/06/30 15:23:38 | 000,001,045 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/06/30 15:23:35 | 000,002,266 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0611.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0559.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0536.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0520.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0512.old
[2012/04/17 22:48:02 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2012/04/10 17:53:58 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/04/01 23:45:41 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/03/19 13:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\Textart.INI
[2012/02/09 14:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/02/02 14:32:01 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012/01/30 23:42:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/24 21:53:30 | 000,000,564 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/20 15:48:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/20 15:47:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/17 10:50:09 | 000,000,948 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/01/17 10:50:09 | 000,000,154 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/01/17 10:49:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/01/17 10:49:34 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/17 10:48:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/01/17 10:48:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/01/12 08:13:33 | 000,007,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/06 18:40:15 | 000,014,848 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/06 01:53:12 | 145,727,915 | ---- | C] () -- C:\Users\Administrator\Sky Angel Vol.72 Internal Cum Shot - AYA-02.mp4
[2011/12/21 21:03:43 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/12/16 11:00:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/11 11:39:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/11 11:37:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/12/10 20:34:27 | 000,007,308 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/10 20:27:15 | 000,000,258 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI
[2011/12/08 04:22:23 | 012,320,768 | ---- | C] () -- C:\Users\Administrator\ntuser.bak
[2011/12/07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/11/22 03:55:12 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/28 03:00:11 | 000,001,194 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat

========== LOP Check ==========

[2011/12/13 17:44:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/02/02 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2012/07/11 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[2012/04/01 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garmin
[2012/04/06 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HideIPEasy
[2012/03/18 08:51:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2012/03/12 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound
[2011/12/16 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2011/12/16 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012/03/26 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC-FAX TX
[2012/03/12 12:47:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Regensoft
[2012/01/21 23:07:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Registry Mechanic
[2011/12/21 21:05:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScanSoft
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2011/12/24 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SurfAnonymousFree
[2012/06/17 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012/03/14 12:22:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2012/04/03 13:18:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TypeItReadIt
[2011/12/11 17:18:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebcamMax
[2012/03/12 12:57:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Win7codecs
[2012/07/25 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\XnView
[2012/07/27 15:04:20 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2012/07/27 13:41:59 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro Updates.job
[2012/06/17 22:54:49 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 266 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:64FFFDC8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#18
CompCav

Step 1.

I'd like to have you try this utility to restore the Hosts file back to Microsoft default.

Please try this utility below to accomplish this.

Download the HostsXpert 4.3 - Hosts File Manager.

  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
  • Run HostsXpert 4.3 - Hosts File Manager from the folder you extracted it to
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Reboot the computer.


Step 2.

Please give me an update on your computer issues that are remaining.

#19
diinovo

I have run HostsXpert 4.3 and restarted.
I have downloaded and installed Windows updates.
It is working fine from what I can tell. What do you think, is anything else in there?
Thanks

#20
CompCav

Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!

#21
diinovo

Dear CompCav
I have run the scan. It took nearly 8 hours. Within minutes of finishing I did exactly what YOU said NOT to do: I accidentally touched the keyboard and it stopped. It showed something like 127 threats, most in storage drivers.

I ran the scan again; it has just finished and it found no threats.
Now I have tried but am unable to copy the log.

I do NOT know how to copy the scan log from ESET. I have not continued with the scan. I hope you can tell me HOW if you want the scan result. Awaiting your reply.

Thanks

#22
CompCav

The log file should be here:

C:\Program Files\ESET\EsetOnlineScanner\log.txt.

#23
diinovo

I posted the results of the scan. It took a little long, but then the page went blank and said: Internet Explorer cannot show page.
I do not know if you received it or not, so I am sending it a second time.
Thank You


Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: KHAN [administrator]

Protection: Enabled

7/30/2012 11:29:20 AM
mbam-log-2012-07-30 (11-29-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211484
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
----------------------------------------------------------------------------------------



[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=17b90ca218ede64db8ca273927e7f565
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-30 01:18:38
# local_time=2012-07-30 11:18:38 (+1000, E. Australia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 528309 528309 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 95244754 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9472 16777215 100 0 0 0 0 0
# scanned=990981
# found=122
# cleaned=122
# scan_time=40754
C:\Users\Administrator\Desktop\Hirens.BootCD.15.1.zip Win32/PSWTool.KonBoot.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\Desktop\UBCD4WinV360.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\Documents\Corel.WordPerfect.Office.Professional.X5.v15.0.0.357..NFO-AGAiN.iso a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\Downloads\AVS4YOU\AVS Audio Editor 7.0.1.417\Activator\activator.exe a variant of Win32/HackTool.Patcher.T application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Temp\nsf9492.tmp.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Temp\SetupDataMngr_jZip.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Temp\7zO17.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Temp\7zO9CD6.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\extension.exe a variant of Win32/Adware.GoodMedia.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\nsgE629.tmp.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO1D6C.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO3329.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO4B73.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO518D.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO5EAB.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO66D0.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO7010.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO79E9.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO8299.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO834E.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zO8EEC.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zOAD37.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zOB518.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zOB6B1.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\7zOE3D9.tmp\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\Temp\Temp1_ag-cx501.zip\AGAiN.rar a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\VirtualStore\Program Files\AGAiN wp.rar a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\AppData\Local\VirtualStore\Program Files\Corel.WordPerfect.Office.Professional.X5.v15.0.0.357..NFO-AGAiN\ag-cx501.zip a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\Downloads\cnet_HyperOs10PCsIn1_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\Downloads\jZipV1l.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\Downloads\Microsoft.Windows.7.Professional.Edition.KMS.Activator.HAPPY.CHINESE.NEW.YEAR-ZWT.rar a variant of Win32/HackKMS.A application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\Downloads\produkey.zip Win32/PSWTool.ProductKey application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\Downloads\SLIC Tools.rar a variant of Win32/Packed.FlyStudio application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\Downloads\SLIC_ToolKit_V3.2.rar Win32/HackTool.SLICMod.C application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Users\DII\New Folder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C16NI6R3\FinalTorrent2011Setup[1].exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\avast_Free_Antivirus.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\2 Runtime-GetDataBack-for-FATNTFS-4-2-FULL-Version.exe a variant of Win32/Adware.GoodMedia.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\ACDSee.Photo.Manager.v12.0.342.Incl.Keymaker-CORE.rar Win32/Keygen.DH application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\CD Burn cdbxp_setup_4.4.1.3099.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\Craagle.4.0.www.InstanWarez.com.rar Win32/Adware.Craagle application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\Crekd Runtime-GetDataBack-for-FATNTFS-4-2-full-cracked.exe a variant of Win32/Adware.GoodMedia.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\crggl4.rar Win32/Adware.Craagle application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\Daemon Tools DTLite4454-0315.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\downloader-youtube-103-setup.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\Dragon Naturally Speaking 11.5 KeyGen.rar MSIL/Hoax.FakeKG.A application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\FinalTorrent2011Setup open torent file.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer.rar probably a variant of Win32/Agent.EUXWFOV trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\pspv Pasword View.zip Win32/PassView.163 application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\setup 2.exe Win32/Adware.Bundlore application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\TelevisionFanatic.exe Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\ACDSee 10 Full Install\ACDSee.Photo.Manager.v12.0.342.Incl.Keymaker-CORE.rar Win32/Keygen.DH application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\ACDSee 10 Full Install\acdsee_v10.0.238_keygen\keygen.exe a variant of Win32/Keygen.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\AUDIO VIDEO\AVS.Video.Editor.v6.1.2.211.Multilingual.mundomanuales.com.rar a variant of Win32/HackTool.Patcher.T application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\AUDIO VIDEO\Video2Webcam_v3.3.0.2_Software_Keygen_downloader_133.exe a variant of Win32/ExpressFiles application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\AUDIO VIDEO\Corel.WinDVD.Pro.v11.0.0.342.Multilingual.Incl.Keymaker-CORE\keygen.exe a variant of Win32/Keygen.AU application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\AUDIO VIDEO\NCH Editor\NCH SoundTap v1.34.zip a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\AUDIO VIDEO\NCH Editor\NCH_DD_v4.14\NCH_DD_v414.rar a variant of Win32/Keygen.AT application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\Corel.WordPerfect.Office.Professional.X5.v15.0.0.357.Incl.Keymaker.READ.NFO-AGAiN\Curell x5.ISO a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\CORELL\AGAiN wp.rar a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\CORELL\AGAiN.rar a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\CORELL\Core X5.iso a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\CORELL\Corel.WordPerfect.Office.Professional.X5.v15.0.0.357.Incl.Keymaker.READ.NFO-AGAiN.7z a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\CORELL\Curell x5.ISO a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\CORELL\Corel.WordPerfect.Office.Professional.X5.v15.0.0.357\AGAiN.rar a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\CORELL\Corel.WordPerfect.Office.Professional.X5.v15.0.0.357..NFO-AGAiN\ag-cx501.zip a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\CORELL\Corel.WordPerfect.Office.Professional.X5.v15.0.0.357.Incl.Keymaker.READ.NFO-AGAiN\ag-cx501.zip a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\Malwarebytes Anti-Malware 1.50.1.1100 + Keygens [RH]\MBAM.1.50.1.1100_[RH] Malwarebytes KEGEN.rar probably a variant of Win32/Agent.DXPOXSP trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\OFFICE\microsoft office 2007.rar a variant of Win32/Injector.BBY trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\OFFICE\MS_Office_2003_Portable.exe a variant of MSIL/TrojanDropper.Agent.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\OFFICE\OFFICE UPDATE\OfficeIntegrator_0.6.zip Win32/Packed.Autoit.A.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\PDF EXCH\PDFCreator-1_2_1_setup.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\NEW PROGRAMS\SecurityCam.v1.1.0.5.Incl.Keymaker-CORE\keygen.exe a variant of Win32/Keygen.DP application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Recov Data\GetDatabak\[NTFS]\AGAiN.rar a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Recov Data\GetDatabak\[NTFS]\PROGRAMS to here\speedupmypc3plc.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Recov Data\GetDatabak\[NTFS]\PROGRAMS to here\Corel.WordPerfect.Office.Professional.X5.v15.0.0.357.Incl.Keymaker.READ.NFO-AGAiN\ag-cx501.zip a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Recov Data\GetDatabak\[NTFS]\PROGRAMS to here\NCH WavePad soundmaster\NCH Software\Express Burn Plus\Keygen.exe a variant of Win32/Keygen.AT application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Recov Data\GetDatabak\[NTFS]\PROGRAMS to here\NCH WavePad soundmaster\NCH Software\Switch Sound File Converter\Keygen.exe a variant of Win32/Keygen.AT application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Recov Data\GetDatabak\[NTFS]\Saved from C\PJMM\Local Settings\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Recov Data\GetDatabak\[NTFS]\[Lost files]\1997B0B0.ZIP a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
F:\TEMPORANEA\TEMP foto\UBCD4WinV322.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\DOCUMENTI di Pietro\LA MUSICA di Pietro\DVD Making Kit (AnyDVD+Crack, DivxToDVD, CopyToDVD+Crack, DVD Shrink).rar a variant of Win32/HackTool.Patcher.X application (deleted - quarantined) 00000000000000000000000000000000 C
G:\DOCUMENTI di Pietro\LA MUSICA di Pietro\PROGRAMS\clone dvd + any dvd+ crack+serial\elby clone dvd v1.3.10.1 anydvd 2.0.0.4 ger key\AnyDVD v2.0.0.4.rar probably a variant of Win32/Adware.Agent.EQTHDWD application (deleted - quarantined) 00000000000000000000000000000000 C
G:\DOCUMENTI di Pietro\LA MUSICA di Pietro\PROGRAMS\clone dvd + any dvd+ crack+serial\elby clone dvd v1.3.10.1 anydvd 2.0.0.4 ger key\anydvd v2.0.0.4\SetupAnyDVD2004.exe probably a variant of Win32/Adware.Agent.EQTHDWD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\DOCUMENTI di Pietro\LA MUSICA di Pietro\PROGRAMS\clone dvd + any dvd+ crack+serial (713 TSB)\elby clone dvd v1.3.10.1 anydvd 2.0.0.4 ger key\AnyDVD v2.0.0.4.rar probably a variant of Win32/Adware.Agent.EQTHDWD application (deleted - quarantined) 00000000000000000000000000000000 C
G:\DOCUMENTI di Pietro\LA MUSICA di Pietro\PROGRAMS\clone dvd + any dvd+ crack+serial (713 TSB)\elby clone dvd v1.3.10.1 anydvd 2.0.0.4 ger key\anydvd v2.0.0.4\SetupAnyDVD2004.exe probably a variant of Win32/Adware.Agent.EQTHDWD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\File-Manager__fc_setup_.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\KillProcessSetup.exe a variant of Win32/KillProcess.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\PC.Tools.Registry.Mechanic.v10.0.0.132.Multilingual.WinALL.Incl.Keygen.and.Patch.WORKING-BRD.rar a variant of Win32/HackTool.Patcher.T application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\UBCD4WinV322.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\ACD Systems\907cc78203a9bc25210dc2d92611cc4ea0b ACDS 8 Multy lingual.zip a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\ACD Systems\ACDSee Photo Manager v10\ACDSee Photo Manager v10.0 Build 238 [Full] [Eng].rar a variant of Win32/Keygen.AG application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\ACD Systems\acdsee.8.0.x.photo.manager.spanish and italian.con crack (roibal)\acdsee.8.0.x.photo.manager.spanish and italian.con crack (roibal)\acdseev8.xbuildxmultilingualonlinecheckpatchsnd 2.zip a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\ACD Systems\acdsee.8.0.x.photo.manager.spanish and italian.con crack (roibal)\acdsee.8.0.x.photo.manager.spanish and italian.con crack (roibal)\acdseev8[1].1keygen_EMzJSaaEyvL 2copy.zip probably a variant of Win32/Agent.HMENGNS trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\ACD Systems\acdsee.8.0.x.photo.manager.spanish and italian.con crack (roibal)\acdsee.8.0.x.photo.manager.spanish and italian.con crack (roibal)\acdseev8[1].1keygen_EMzJSaaEyvL.zip probably a variant of Win32/Agent.HMENGNS trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\ACD Systems\acdsee.8.0.x.photo.manager.spanish and italian.con crack (roibal)\acdsee.8.0.x.photo.manager.spanish and italian.con crack (roibal)\Copy of acdseev8[1].1keygen_EMzJSaaEyvL 2copy.zip probably a variant of Win32/Agent.HMENGNS trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\ACD Systems\acdseev8[1].1keygen_EMzJSaaEyvL\keygen.exe probably a variant of Win32/Agent.HMENGNS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\ACD Systems\New Crack Italiano\acdseev8.xbuildxmultilingualonlinecheckpatchsnd.zip a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\ACD Systems\New Crack Italiano\acdsystemsacdseev8.0keygenz.w.t.zip probably a variant of Win32/Agent.HMENGNS trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\ACDSee 10 Full Install\acdsee_v10.0.238_keygen\keygen.exe a variant of Win32/Keygen.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Driver Genius Pro 2008 v8.0.316+Keygen-HeartBug\Keygen\keygen.exe probably a variant of Win32/Agent.EOWTQZB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Get Data Back FAT32\DATA Ricorery\Photo_Recovery_Genius_v1.2.0.0_Patch_AT4RE.rar a variant of Win32/Kryptik.AE trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Programs\AcdSee Photo Manager v10[1].0.219 - CORE.rar a variant of Win32/Keygen.AG application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Programs\ACD Systems\Keygen\acdsystemsacdseev8.0keygenz.w.t.zip probably a variant of Win32/Agent.HMENGNS trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Programs\ACD Systems\Keygen\ACD[1].Systems.ACDSee.v8.0.Keymaker.Only-ZWT.ZIP probably a variant of Win32/Agent.HMENGNS trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Programs\CRACK\acdsystemsacdseev8.0keygenz.w.t.zip probably a variant of Win32/Agent.HMENGNS trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Programs\DATA Ricorery\Recover My Files\RecoverMyFiles-Setup Version 3.9.8.5784.exe probably a variant of Win32/IRCBot.HJPIXFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Programs\DATA Ricorery\Recover My Files\RecoverMyFiles-Setup.exe probably a variant of Win32/IRCBot.HJPIXFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Programs\DATA Ricorery\Recover My Files\Recover[1].My.Files.v3.9.8.5784.Incl.Serial_GeoDeeJay.rar probably a variant of Win32/IRCBot.HJPIXFK trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Programs\WinRAR\Crack WinRAR v3.70 beta 6.zip a variant of Win32/HackTool.Patcher.X application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Programs\WinRAR\Crack WinRAR v3.70 beta 6\Crack WinRAR version 3.70 beta 6.exe a variant of Win32/HackTool.Patcher.X application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\REGISTRY\registrybooster.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\REGISTRY\Registry Clean\registryfix Internet Fix.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\REGISTRY\Registry Clean\registryfix.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\REGISTRY\Registry Clean\RegistryFix_6.2_serial_by_FOFF.rar a variant of Win32/Adware.ErrorClean application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\REGISTRY\REGISTRY FIX\registryfix.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\REGISTRY\Registry Fix 6.2\registryfix.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Important Programs\Spyware Doctor 5.5.0.178 - Final UPDATED\Patch.exe probably a variant of Win32/HackTool.Patcher.Y application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\RECOVER\[Lost files]\1997B0B0.ZIP a variant of Win32/Keygen.AF application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Sandboxie Program\[crack] AVS4YOU all products activator 2011 (v1.0) DeGun TPB 2011\avs4you.all.products.activator.2011.(v1.0)-mpt.exe a variant of Win32/HackTool.Patcher.T application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=17b90ca218ede64db8ca273927e7f565
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-30 10:47:22
# local_time=2012-07-31 08:47:22 (+1000, E. Australia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 569595 569595 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 95286040 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9472 16777215 100 0 0 0 0 0
# scanned=991159
# found=0
# cleaned=0
# scan_time=33614
------------------------------------------------------------------------------------


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spy Sweeper Core
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.1.102.55
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Internet Security 2012 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

#24
CompCav

There were several items on your remote disks.

Please run MalwareBytes', update it, then click Perform Full scan and make sure all drives are checked to be scanned. This will take some time so please be patient. :thumbsup:


Then post the scan log.

#25
diinovo

Dear CompCav
I have run the MalwareBytes full scan. At the end it did not produce a log file. I tried to save a log but I could not find it. I did take a screenshot of the desktop that shows the scan, but I am unable to copy or attach it to the page as a reply to you. Any idea how to send it?
Thanks, Regards


#26
CompCav

Here is how to get the most recent log file from MalwareBytes':

Open MalwareBytes'
Click the Logs tab.
Go to the bottom of the list. (it should be the latest scan by date and time)
Double click on it and it will open in a notepad window.
Copy/paste it into your next reply. ;)

#27
diinovo

I did see this log. I did not think this was it; it looks different.
Thanks



2012/07/31 10:52:06 +1000 KHAN Administrator MESSAGE Starting database refresh
2012/07/31 10:52:06 +1000 KHAN Administrator MESSAGE Stopping IP protection
2012/07/31 10:55:25 +1000 KHAN Administrator MESSAGE IP Protection stopped
2012/07/31 10:55:28 +1000 KHAN Administrator MESSAGE Database refreshed successfully
2012/07/31 10:55:28 +1000 KHAN Administrator MESSAGE Starting IP protection
2012/07/31 10:55:30 +1000 KHAN Administrator MESSAGE IP Protection started successfully
2012/07/31 11:19:56 +1000 KHAN Administrator MESSAGE Starting protection
2012/07/31 11:20:00 +1000 KHAN Administrator MESSAGE Protection started successfully
2012/07/31 11:20:03 +1000 KHAN Administrator MESSAGE Starting IP protection
2012/07/31 11:20:04 +1000 KHAN Administrator MESSAGE IP Protection started successfully
2012/07/31 11:21:28 +1000 KHAN Administrator MESSAGE Starting database refresh
2012/07/31 11:21:28 +1000 KHAN Administrator MESSAGE Stopping IP protection
2012/07/31 11:24:27 +1000 KHAN Administrator MESSAGE IP Protection stopped
2012/07/31 11:24:29 +1000 KHAN Administrator MESSAGE Database refreshed successfully
2012/07/31 11:24:29 +1000 KHAN Administrator MESSAGE Starting IP protection
2012/07/31 11:24:31 +1000 KHAN Administrator MESSAGE IP Protection started successfully
2012/07/31 13:25:44 +1000 KHAN Administrator MESSAGE Executing scheduled update: Daily
2012/07/31 13:26:19 +1000 KHAN Administrator MESSAGE Starting database refresh
2012/07/31 13:26:19 +1000 KHAN Administrator MESSAGE Scheduled update executed successfully: database updated from version v2012.07.31.01 to version v2012.07.31.02
2012/07/31 13:26:19 +1000 KHAN Administrator MESSAGE Stopping IP protection
2012/07/31 13:29:41 +1000 KHAN Administrator MESSAGE IP Protection stopped
2012/07/31 13:29:45 +1000 KHAN Administrator MESSAGE Database refreshed successfully
2012/07/31 13:29:45 +1000 KHAN Administrator MESSAGE Starting IP protection
2012/07/31 13:29:48 +1000 KHAN Administrator MESSAGE IP Protection started successfully
2012/07/31 21:12:49 +1000 KHAN Administrator MESSAGE Stopping IP protection
2012/07/31 21:16:00 +1000 KHAN Administrator MESSAGE IP Protection stopped
2012/07/31 21:16:00 +1000 KHAN Administrator MESSAGE Starting IP protection
2012/07/31 21:16:02 +1000 KHAN Administrator MESSAGE IP Protection started successfully

#28
CompCav

It should look like this:


Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: KHAN [administrator]

Protection: Enabled

7/30/2012 11:29:20 AM The date/time should be after this one.
mbam-log-2012-07-30 (11-29-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211484
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#29
diinovo

Sorry to disappoint you, I am also disappointed with myself. There is no log like the one you are showing; this is the log for that date.
The log dates are: Log 2012-07-31.txt, log 2012-07-30.txt, log2012-07-28.txt
Thanks


2012/07/30 11:26:05 +1000 KHAN Administrator MESSAGE Starting protection
2012/07/30 11:26:11 +1000 KHAN Administrator MESSAGE Protection started successfully
2012/07/30 11:26:14 +1000 KHAN Administrator MESSAGE Starting IP protection
2012/07/30 11:26:15 +1000 KHAN Administrator MESSAGE IP Protection started successfully
2012/07/30 11:28:20 +1000 KHAN Administrator MESSAGE Starting database refresh
2012/07/30 11:28:20 +1000 KHAN Administrator MESSAGE Stopping IP protection
2012/07/30 11:31:32 +1000 KHAN Administrator MESSAGE IP Protection stopped
2012/07/30 11:31:35 +1000 KHAN Administrator MESSAGE Database refreshed successfully
2012/07/30 11:31:35 +1000 KHAN Administrator MESSAGE Starting IP protection
2012/07/30 11:31:37 +1000 KHAN Administrator MESSAGE IP Protection started successfully
2012/07/30 13:32:19 +1000 KHAN Administrator MESSAGE Executing scheduled update: Daily
2012/07/30 13:32:26 +1000 KHAN Administrator MESSAGE Starting database refresh
2012/07/30 13:32:26 +1000 KHAN Administrator MESSAGE Scheduled update executed successfully: database updated from version v2012.07.29.09 to version v2012.07.30.01
2012/07/30 13:32:26 +1000 KHAN Administrator MESSAGE Stopping IP protection
2012/07/30 13:35:31 +1000 KHAN Administrator MESSAGE IP Protection stopped
2012/07/30 13:35:57 +1000 KHAN Administrator MESSAGE Database refreshed successfully
2012/07/30 13:35:57 +1000 KHAN Administrator MESSAGE Starting IP protection
2012/07/30 13:35:59 +1000 KHAN Administrator MESSAGE IP Protection started successfully

#30
CompCav

Well let's try this:

Either rerun MalwareBytes' or run this:

Notes to helper: KSS cannot be installed when other Kaspersky Lab applications are installed
Also KSS does not remove malicious objects or disinfect infected files

  • Go to here
  • Click the download button under Kaspersky Security Scan
  • Download and run the file
  • It will start to download the Kaspersky Security Scan program data
  • Once downloaded the installer will begin
  • Click Next
  • Accept the License Agreement
  • Click Install
  • The program will now install
  • Click Finish
  • Kaspersky Security Scan will now start
  • Click the Full Scan button
  • The scan will take about an hour or two depending on the amount of data on your hard drive
  • If the scan detects problems it will open a Problems found window (you can click Details to view the scan results)
  • Once the scan is complete do the following:
    • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
      For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
    • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
    • Attach the HtmlReport zipped folder to your next post
  • You can now close Kaspersky Security Scan
