random emails help


  • This topic is locked
12 replies to this topic

#1 BakedDaily

Posted 07 February 2012 - 09:08 AM

Hi, I've been having a problem with my computer sending emails and links to other people on my contact list with Windows Mail. I have attached the DDS log with this post and I am ready to do whatever I gotta do to remove/fix this issue.

#2 Casey_boy

Posted 09 February 2012 - 11:51 AM

Hi there,

Firstly, I would get to a known clean PC and change your account's password and secret question/answer. Do not access that account again, from your current PC, until I've given you the all clear.

Next...

Step 1: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Step 2: We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 BakedDaily

Posted 09 February 2012 - 08:06 PM

OK, I will get to it ASAP, thanks.

#4 BakedDaily

Posted 12 February 2012 - 08:35 PM

Hey, I ran TDSSKiller and it didn't find anything. Here are the OTL logs.

OTL logfile created on: 2/12/2012 7:27:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\franks\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 55.31% Memory free
5.50 Gb Paging File | 3.67 Gb Available in Paging File | 66.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.13 Gb Total Space | 533.05 Gb Free Space | 91.10% Space Free | Partition Type: NTFS
Drive D: | 10.94 Gb Total Space | 1.59 Gb Free Space | 14.54% Space Free | Partition Type: NTFS

Computer Name: FRANKS-PC | User Name: franks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/12 19:26:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\franks\Downloads\OTL.exe
PRC - [2012/02/12 19:21:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/28 06:37:51 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 02:32:44 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 19:13:30 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/11/09 17:53:00 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/11/02 06:13:26 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
PRC - [2009/12/01 22:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/24 20:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/06/03 13:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/04/09 15:19:08 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/12 19:21:55 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/12/01 22:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/03 13:43:14 | 001,703,936 | ---- | M] () -- C:\Users\franks\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/06/03 13:34:18 | 003,764,224 | ---- | M] () -- C:\Users\franks\AppData\Roaming\PictureMover\Bin\Core.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 17:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/09 15:29:24 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/04/09 15:19:08 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/28 06:37:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 02:32:44 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 17:53:00 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 23:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/28 06:37:55 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 06:37:55 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/30 11:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/09 15:21:36 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/04/09 15:21:32 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/04/09 15:21:30 | 000,165,960 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009/04/09 15:18:04 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/04/09 15:10:34 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4076389880-4202629210-3821509172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-4076389880-4202629210-3821509172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-4076389880-4202629210-3821509172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/12 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/26 10:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/12/29 08:27:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

[2010/07/01 17:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\franks\AppData\Roaming\Mozilla\Extensions
[2012/01/06 06:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\franks\AppData\Roaming\Mozilla\Firefox\Profiles\tj0mlze5.default\extensions
[2011/11/12 20:25:44 | 000,002,567 | ---- | M] () -- C:\Users\franks\AppData\Roaming\Mozilla\Firefox\Profiles\tj0mlze5.default\searchplugins\askcom.xml
[2012/01/02 16:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/01 18:29:13 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\FRANKS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TJ0MLZE5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/12 19:21:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/03 12:14:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/03 12:14:27 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-4076389880-4202629210-3821509172-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-4076389880-4202629210-3821509172-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4076389880-4202629210-3821509172-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Handy Password: Clear Fields - res://C:\Program Files (x86)\Handy Password\handypasswordtoolbar.dll/menu_clear.html File not found
O8 - Extra context menu item: Handy Password: Clear Fields - res://C:\Program Files (x86)\Handy Password\handypasswordtoolbar.dll/menu_clear.html File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{928B613C-4913-4ED3-B806-CE1091E609DA}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 19:13:29 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{7F95EC57-3C0D-402D-9022-A03232062870}
[2012/02/12 19:13:07 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{200F767D-FBA3-49F4-BD7D-6EB0A7833CC3}
[2012/02/12 07:12:42 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{E00EF2AB-3CF1-48ED-A8D6-93C063089697}
[2012/02/11 16:01:44 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{6D3FCA2C-59DB-4D90-BCC2-43F3D6FBD7A2}
[2012/02/11 03:41:34 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{E6FDBF42-5640-4122-B3A3-D58CF48C17A8}
[2012/02/10 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{4D92A726-BCA9-4C75-9CE3-0A520F50AD43}
[2012/02/09 22:05:23 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{80F6B8A2-9055-4E13-A605-0D9087FCD04F}
[2012/02/09 22:05:09 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{DAC5FC4F-40DF-42A3-A8D9-598E23D2CEB9}
[2012/02/09 10:15:24 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\franks\Desktop\TDSSKiller.exe
[2012/02/09 08:05:36 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{EAD3A6C5-C7AF-44C3-A9C9-2937D8E323F7}
[2012/02/08 20:05:00 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{9B641354-EC23-461B-B5A6-473E1DF392CB}
[2012/02/08 08:04:25 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{F3F7C4AB-0923-4EA1-A350-8B80D7BAD331}
[2012/02/07 20:03:48 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{E63A6A9A-438C-4EB1-AE1F-438AEF110BB4}
[2012/02/07 08:03:12 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{56DDD11B-77E7-4C56-8800-CD8F2C7AB91D}
[2012/02/07 07:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/07 07:52:38 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/06 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{87CA9839-CD02-40A2-86D9-9680008C3EA3}
[2012/02/06 16:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/02/06 16:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/02/06 08:01:59 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{773CE16B-E28E-4A93-928C-9085EE7A2AD3}
[2012/02/05 20:01:23 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{C29AC129-D845-4585-A0E3-6D33DF6FE055}
[2012/02/05 08:00:47 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{1DB3D078-FD5E-44A2-A015-8CBEACA37FD8}
[2012/02/04 20:00:11 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{95142DEB-96CF-498B-B16A-A14F81C310A5}
[2012/02/04 07:59:34 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{5D071566-B4B6-435C-9754-16B81AE6466A}
[2012/02/03 19:58:58 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{BCB9D701-8269-4BC1-8782-3D7D1771363E}
[2012/02/03 13:16:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\franks\Desktop\dds.scr
[2012/02/03 07:58:22 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{F604FDAB-7E12-4CD5-B342-275ACAD95132}
[2012/02/02 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{B7B8414E-28B8-41C6-B8F9-5803F76DBAEF}
[2012/02/02 07:24:19 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{1E4D4B8C-5E36-4172-A691-7E367DCDF642}
[2012/02/01 19:23:53 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{C2E4AAF6-AFFC-46E3-BF8A-EB5E8D4D01F9}
[2012/02/01 19:23:30 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{37894DEE-C369-45C8-81C6-075DD40D93C9}
[2012/02/01 07:23:03 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{ECB8BCDD-3A36-4825-A25C-5CD97BEE8DE7}
[2012/02/01 07:22:41 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{DA47B4B9-CA51-42CC-946E-0B753CD1953D}
[2012/02/01 02:01:45 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\ElevatedDiagnostics
[2012/01/31 19:22:14 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{E7CAD660-E26B-486B-85B0-FBBDABB9C28B}
[2012/01/31 07:48:45 | 000,000,000 | ---D | C] -- C:\Users\franks\Documents\My Scans
[2012/01/31 07:21:39 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{DDC73574-E105-449E-BDCE-F2FFFF53865B}
[2012/01/30 19:21:04 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{DEC89939-8D03-44B3-A829-D4B03C867703}
[2012/01/30 07:20:28 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{AFF0B1E4-8A63-46AD-8645-F2DC7863C024}
[2012/01/29 19:19:51 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{79D4327E-FC2E-4EB3-8B73-90ACE287752B}
[2012/01/29 07:19:14 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{57C60552-EE20-4B2C-B3BF-6D971389731C}
[2012/01/28 19:18:38 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{F4F6438E-82D4-411C-A649-29A8B4C8D86A}
[2012/01/28 07:18:12 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{0EFC302F-4603-49C3-B5EB-AE177467AF47}
[2012/01/27 19:17:35 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{841EFEC1-A052-4FCC-BD61-3619E89C9BAB}
[2012/01/27 06:46:37 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{CC69CD2B-68E2-407F-8A4A-6C400528214B}
[2012/01/26 18:46:01 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{306ABB03-5725-420D-93E5-F9078EE3BF2B}
[2012/01/26 18:45:38 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{9A0ED747-67EC-4161-B657-04C8D7B394AC}
[2012/01/26 08:32:42 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\HP
[2012/01/26 08:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012/01/26 08:30:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/01/26 06:45:11 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{5AE5841F-E6E0-413E-9046-70FFE5766EDD}
[2012/01/26 06:44:49 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{B802E64C-6E42-42E4-B01F-D904BDEFB683}
[2012/01/25 18:52:30 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/25 18:52:29 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/25 18:52:29 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/25 18:52:29 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/25 18:52:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/25 18:52:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/25 18:44:22 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{D7807A14-2759-4403-ACEF-6B50B329D493}
[2012/01/25 18:43:59 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{CD79CAC9-097B-4854-B7F8-CC2FF8046D04}
[2012/01/25 10:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012/01/25 08:11:58 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Roaming\HP
[2012/01/25 08:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2012/01/25 08:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012/01/25 08:08:29 | 000,000,000 | ---D | C] -- C:\Windows\hpojj4500
[2012/01/25 08:08:04 | 000,235,008 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpzc35mu.dll
[2012/01/25 08:08:04 | 000,130,560 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpz3l5mu.dll
[2012/01/25 08:08:03 | 000,671,816 | ---- | C] (HP) -- C:\Windows\SysNative\hpcdmc32.dll
[2012/01/25 08:07:51 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012/01/25 08:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/01/25 08:05:23 | 000,944,128 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax4.dll
[2012/01/25 08:05:23 | 000,740,864 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtscl3.dll
[2012/01/25 08:05:23 | 000,359,256 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2012/01/25 08:05:22 | 000,488,960 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpovst11.dll
[2012/01/24 21:25:36 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{3D1338D7-295B-451C-B2A5-D1341106C902}
[2012/01/24 09:25:00 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{D3EA34DD-754D-4BF3-A3B2-CD456D2D5D43}
[2012/01/23 21:24:22 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{0905F21B-F596-4E5C-BA4F-17940FA68C5B}
[2012/01/23 09:23:46 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{C79C35F3-1F23-455E-8C62-A8D412B20D4B}
[2012/01/22 21:23:09 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{527958A9-921A-4C63-9147-B847DFC0863E}
[2012/01/22 21:22:46 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{FDE8D5EA-9B70-400D-AD03-96A4FBDFFCB4}
[2012/01/22 09:22:21 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{FB2836BC-9531-4A2C-B2B1-52168C24B71D}
[2012/01/21 21:21:56 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{34012EE6-4952-4536-B9FF-8D69A11D5813}
[2012/01/21 09:19:23 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{B50F0D71-F5F6-4CC0-A2FF-AD826E543CC8}
[2012/01/20 21:18:48 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{1F930367-5809-4724-85F7-1C88CB2AD810}
[2012/01/20 08:45:12 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{ACE08098-A8AB-4DA6-8AD2-1582F7EE2396}
[2012/01/20 08:44:49 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{1CB21A73-04CA-4375-A0F1-6C03F7EBD967}
[2012/01/19 20:44:24 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{973282E9-C560-42DD-9A76-21B76E886BB0}
[2012/01/19 08:43:48 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{CF74180A-A779-48AE-B6EC-F7926334C578}
[2012/01/18 20:43:12 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{292672BC-55B0-4DED-907C-5CE5B1E53B32}
[2012/01/18 08:42:36 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{D6663ABF-D3C0-4D0A-9091-6C368016BA2F}
[2012/01/17 20:42:01 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{D0D48904-817B-432A-801F-B7BB5627E20F}
[2012/01/17 08:41:36 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{75F91702-7A53-46FE-845E-569C6B2CED5E}
[2012/01/16 20:41:12 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{66306CB1-F8C3-46F3-9B76-1250F7A5CCA6}
[2012/01/16 08:40:47 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{B32E1344-9F1A-44AE-B182-75C12C9B325B}
[2012/01/15 20:40:21 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{5E4AFA9A-927A-47B2-887F-DBF8D61F5F12}
[2012/01/15 08:39:56 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{7E85F3E8-26CC-4E6F-BE63-8516053D7868}
[2012/01/14 20:39:32 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{78661845-FF13-459C-A913-71CFB4C955EE}
[2012/01/14 08:39:07 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{24A399C7-498F-481D-B1B8-D1BC082E5170}
[2012/01/13 20:38:41 | 000,000,000 | ---D | C] -- C:\Users\franks\AppData\Local\{578DC4B9-C2A4-4B45-9C3F-40CDCFA53A17}
[1 C:\Users\franks\AppData\Local\*.tmp files -> C:\Users\franks\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/12 19:27:42 | 000,001,160 | ---- | M] () -- C:\Users\franks\Desktop\tdsskiller - Shortcut.lnk
[2012/02/12 19:27:13 | 000,002,526 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/02/12 19:27:03 | 000,001,107 | ---- | M] () -- C:\Users\franks\Desktop\OTL - Shortcut.lnk
[2012/02/12 19:25:49 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\franks\Desktop\TDSSKiller.exe
[2012/02/12 17:23:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 17:23:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 17:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/12 17:15:42 | 2213,404,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/12 17:05:17 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/02/09 10:45:06 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/09 10:36:50 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForfranks.job
[2012/02/07 07:52:39 | 000,002,981 | ---- | M] () -- C:\Users\franks\Desktop\HiJackThis.lnk
[2012/02/06 16:28:32 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/02/03 13:17:15 | 000,001,111 | ---- | M] () -- C:\Users\franks\Desktop\dds - Shortcut.lnk
[2012/02/03 13:16:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\franks\Desktop\dds.scr
[2012/02/03 12:14:33 | 000,002,050 | ---- | M] () -- C:\Users\franks\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/26 20:22:25 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/26 08:43:06 | 000,366,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/26 08:32:01 | 000,224,087 | ---- | M] () -- C:\Windows\hpwins19.dat
[2012/01/26 08:30:52 | 000,001,277 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/01/26 08:29:50 | 000,002,061 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/01/26 08:29:32 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012/01/25 10:41:49 | 000,163,885 | ---- | M] () -- C:\Windows\hpwins19.dat.temp
[1 C:\Users\franks\AppData\Local\*.tmp files -> C:\Users\franks\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 19:27:42 | 000,001,160 | ---- | C] () -- C:\Users\franks\Desktop\tdsskiller - Shortcut.lnk
[2012/02/12 19:27:03 | 000,001,107 | ---- | C] () -- C:\Users\franks\Desktop\OTL - Shortcut.lnk
[2012/02/07 07:52:39 | 000,002,981 | ---- | C] () -- C:\Users\franks\Desktop\HiJackThis.lnk
[2012/02/06 16:35:52 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForfranks.job
[2012/02/06 16:28:32 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/02/03 13:17:15 | 000,001,111 | ---- | C] () -- C:\Users\franks\Desktop\dds - Shortcut.lnk
[2012/01/26 20:22:25 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/26 08:30:52 | 000,001,277 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/01/26 08:30:33 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/01/26 08:29:50 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/01/26 08:29:32 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012/01/25 10:40:24 | 000,163,885 | ---- | C] () -- C:\Windows\hpwins19.dat.temp
[2012/01/25 10:40:24 | 000,000,253 | ---- | C] () -- C:\Windows\hpwmdl19.dat.temp
[2012/01/25 08:06:37 | 000,224,087 | ---- | C] () -- C:\Windows\hpwins19.dat
[2012/01/25 08:06:37 | 000,000,673 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2011/12/07 17:21:41 | 000,445,539 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpSARAH,S VILIN PLAY 017.0
[2011/12/07 17:21:41 | 000,156,782 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpSARAH,S VILIN PLAY 017.JPG
[2011/10/04 06:33:13 | 000,082,419 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 082.JPG
[2011/09/30 07:53:17 | 000,148,370 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 120.JPG
[2011/09/30 07:49:38 | 000,090,140 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 110.1
[2011/09/30 07:49:36 | 000,090,105 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 110.JPG
[2011/09/30 07:49:35 | 000,154,735 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 110.0
[2011/09/30 07:49:17 | 000,094,647 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 109.1
[2011/09/30 07:49:14 | 000,160,523 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 109.0
[2011/09/30 07:49:14 | 000,094,595 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 109.JPG
[2011/09/30 07:48:05 | 000,081,579 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 103.1
[2011/09/30 07:48:02 | 000,142,271 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 103.0
[2011/09/30 07:48:02 | 000,081,508 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 103.JPG
[2011/09/30 07:47:43 | 000,098,117 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 102.1
[2011/09/30 07:47:38 | 000,163,792 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 102.0
[2011/09/30 07:47:38 | 000,098,066 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 102.JPG
[2011/09/30 07:47:35 | 000,013,058 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 102_navi.JPG
[2011/09/30 07:46:10 | 000,078,558 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 088.1
[2011/09/30 07:46:08 | 000,134,352 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 088.0
[2011/09/30 07:46:08 | 000,078,525 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 088.JPG
[2011/09/30 07:44:39 | 000,074,494 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 083.1
[2011/09/30 07:44:36 | 000,132,303 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 083.0
[2011/09/30 07:44:36 | 000,074,464 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 083.JPG
[2011/09/30 07:44:09 | 000,082,470 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 082.1
[2011/09/30 07:44:05 | 000,140,961 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 082.0
[2011/09/30 07:43:41 | 000,074,337 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 081.1
[2011/09/30 07:43:38 | 000,265,308 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 081.0
[2011/09/30 07:43:38 | 000,074,315 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 081.JPG
[2011/09/30 07:42:55 | 000,102,789 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 079.1
[2011/09/30 07:42:52 | 000,170,805 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 079.0
[2011/09/30 07:42:52 | 000,102,769 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 079.JPG
[2011/09/30 07:42:23 | 000,096,613 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 078.1
[2011/09/30 07:42:20 | 000,163,951 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 078.0
[2011/09/30 07:42:20 | 000,096,595 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 078.JPG
[2011/09/30 07:41:25 | 000,090,563 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 075.1
[2011/09/30 07:41:22 | 000,152,189 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 075.0
[2011/09/30 07:41:22 | 000,090,534 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 075.JPG
[2011/09/30 07:40:03 | 000,187,117 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 071.0
[2011/09/30 07:40:03 | 000,115,661 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 071.JPG
[2011/09/30 07:39:38 | 000,079,749 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 070.JPG
[2011/09/30 07:35:01 | 000,193,317 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 063.JPG
[2011/09/30 07:33:38 | 000,650,421 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 053.1
[2011/09/30 07:33:35 | 001,035,436 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 053.0
[2011/09/30 07:33:35 | 000,650,145 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 053.JPG
[2011/09/30 07:31:03 | 000,647,921 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 048.1
[2011/09/30 07:31:00 | 001,191,749 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 048.0
[2011/09/30 07:31:00 | 000,647,730 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 048.JPG
[2011/09/30 07:29:23 | 001,025,757 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 046.JPG
[2011/09/30 07:28:47 | 000,813,054 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 045.2
[2011/09/30 07:28:44 | 000,813,296 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 045.1
[2011/09/30 07:28:41 | 000,984,069 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 045.0
[2011/09/30 07:28:41 | 000,813,045 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 045.JPG
[2011/09/30 07:28:37 | 000,011,517 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 045_navi.JPG
[2011/09/30 07:19:53 | 000,160,651 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 019.JPG
[2011/09/30 07:17:59 | 000,086,017 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 014.3
[2011/09/30 07:17:47 | 000,086,038 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 014.2
[2011/09/30 07:17:45 | 000,086,087 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 014.1
[2011/09/30 07:17:42 | 000,148,221 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 014.0
[2011/09/30 07:17:42 | 000,086,026 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 014.JPG
[2011/09/30 06:51:31 | 000,515,045 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp072.4
[2011/09/30 06:51:28 | 000,514,971 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp072.3
[2011/09/30 06:51:25 | 000,514,860 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp072.2
[2011/09/30 06:51:22 | 000,514,926 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp072.1
[2011/09/30 06:51:19 | 000,985,346 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp072.0
[2011/09/30 06:51:19 | 000,515,051 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp072.JPG
[2011/08/28 09:19:08 | 000,079,759 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 070.1
[2011/08/28 09:19:07 | 000,213,779 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpPARTY 070.0
[2011/08/11 13:26:26 | 000,588,020 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpDSCF4153.JPG
[2011/08/11 13:26:26 | 000,012,098 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpDSCF4153_navi.JPG
[2011/08/05 10:26:36 | 000,014,094 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpNEW 014_navi.JPG
[2011/08/05 10:26:26 | 001,709,261 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpNEW 014.4
[2011/08/05 10:26:23 | 000,609,027 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpNEW 014.3
[2011/08/05 10:26:23 | 000,604,425 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpNEW 014.2
[2011/08/05 10:26:22 | 000,609,091 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpNEW 014.1
[2011/08/05 10:26:20 | 000,612,535 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpNEW 014.JPG
[2011/08/05 10:26:19 | 001,709,261 | ---- | C] () -- C:\Users\franks\AppData\Local\tmpNEW 014.0
[2011/05/15 06:54:28 | 000,001,854 | ---- | C] () -- C:\Users\franks\AppData\Roaming\GhostObjGAFix.xml
[2011/03/08 06:50:16 | 000,012,623 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp3NB3K93PA5V65Q65R0ABSAFC8F067DEBF15D1.JPG
[2010/12/15 07:04:38 | 000,015,133 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp3NB3K93PA5V65Q65R0ABSAFC8F067DEBF15D1.4
[2010/12/13 06:57:44 | 000,015,440 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp3NB3K93PA5V65Q65R0ABSAFC8F067DEBF15D1.3
[2010/12/13 06:57:43 | 000,014,311 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp3NB3K93PA5V65Q65R0ABSAFC8F067DEBF15D1.2
[2010/12/13 06:57:42 | 000,012,623 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp3NB3K93PA5V65Q65R0ABSAFC8F067DEBF15D1.1
[2010/12/13 06:57:41 | 000,008,492 | ---- | C] () -- C:\Users\franks\AppData\Local\tmp3NB3K93PA5V65Q65R0ABSAFC8F067DEBF15D1.0
[2010/07/06 17:18:39 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/07/02 00:19:54 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/07/01 17:51:12 | 000,006,286 | ---- | C] () -- C:\Users\franks\AppData\Roaming\wklnhst.dat
[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

OTL Extras logfile created on: 2/12/2012 7:27:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\franks\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 55.31% Memory free
5.50 Gb Paging File | 3.67 Gb Available in Paging File | 66.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.13 Gb Total Space | 533.05 Gb Free Space | 91.10% Space Free | Partition Type: NTFS
Drive D: | 10.94 Gb Total Space | 1.59 Gb Free Space | 14.54% Space Free | Partition Type: NTFS

Computer Name: FRANKS-PC | User Name: franks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4076389880-4202629210-3821509172-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB8A5373-8AE1-410A-83F5-51560464CC95}" = ESET Smart Security
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E11448F2-0B44-4239-B04E-D88FE743E929}" = HP Officejet J4500 Series
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A419-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010 Free Edition
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 30
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5169D2E2-0B94-3320-8C7A-718F92BE20CE}" = Microsoft Visual Basic PowerPacks 1.2
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0a499aeb-c9e3-42cf-a29d-986955de7af7" = iCarly - iDream in Toons
"WTA-0e53086e-dddd-406c-98eb-6200a2fd3a7a" = Cradle Of Egypt Collector's Edition
"WTA-17251b71-4f87-4070-ab39-1422222256d2" = Enchanted Cavern 2
"WTA-20eb9e3d-c3ff-4d04-8b96-4e35078283fd" = Tropical Fish Shop - Annabels Adventure
"WTA-22e5a991-773e-4b85-b9a2-be48cadd5663" = Overball
"WTA-3e01be3a-57fb-4e02-925d-194be0856e7c" = Super Granny 5
"WTA-737e919a-7e19-4a7d-b751-f462c0dace47" = Jojo's Fashion Show 2 - Las Cruces
"WTA-9a6c26b3-9975-4dc7-bd19-c4a61995b9f0" = Bejeweled 3
"WTA-d4b0154b-aea4-4fd1-a971-92d6220b3b65" = Jojo's Fashion Show World Tour
"WTA-e6f0abbc-0243-4545-8188-0c6ec257ae39" = Farm Craft 2: Global Vegetable Crisis
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5 Casey_boy


Posted 13 February 2012 - 11:07 AM

Hi,

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#6 BakedDaily


Posted 14 February 2012 - 07:42 PM

Here is the combofix log.




#7 Casey_boy


Posted 16 February 2012 - 11:21 AM

Hi there,

Those logs look fine. It could well be that your account had been compromised on another PC or physically hacked. Having changed your password and secret question, you should now have re-secured your account and should have noticed that your account has stopped sending the emails?

Casey



#8 BakedDaily


Posted 18 February 2012 - 03:15 PM

Hello, I have changed my password again and I just noticed that there is a bunch of new sent emails in the sent folder that I did not make myself.

#9 Casey_boy


Posted 20 February 2012 - 08:47 AM

Hi,

That's a bit puzzling. Do you routinely access your email account from any other PC (particularly did you access it from another PC after changing your password)?

Casey



#10 BakedDaily


Posted 20 February 2012 - 05:33 PM

No, I only use this computer to check my emails. It hasn't sent any more emails yet.

#11 Casey_boy


Posted 21 February 2012 - 06:51 AM

Ok, well please keep monitoring the situation over the next couple of days and let me know if any more emails are sent.

In the meantime:

Step 1: Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Step 2: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Casey



#12 Casey_boy


Posted 25 February 2012 - 05:25 AM

Hi,

This is a 3 day bump.

Hopefully you're still with me but please be aware that if there is no reply within two days, then this topic will be closed as stale.

Casey



#13 Casey_boy


Posted 28 February 2012 - 04:07 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





