Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trojan:JS/BlacoleRef.T

Post by estheblessed » January 5th, 2012, 7:08 pm

Hi,

Microsoft Security Essentials recently alerted me to the following: Trojan:JS/BlacoleRef.T. I tried to remove it, but I think it is still there and causing problems.

Here is the DDS report:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by JEZ at 23:03:59 on 2012-01-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4009.2036 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\JEZ\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\notepad.exe
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nmd.msn.com
uDefault_Page_URL = hxxp://nmd.msn.com
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\JEZ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C50B204A-645F-43B4-B0E3-4E4621D82BD4} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JEZ\AppData\Roaming\Mozilla\Firefox\Profiles\ijgoc6n3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\JEZ\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 ioatdma;Intel(R) QuickData Technology device;C:\windows\system32\Drivers\ioatdma.sys --> C:\windows\system32\Drivers\ioatdma.sys [?]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver;C:\windows\system32\drivers\xfiltx64.sys --> C:\windows\system32\drivers\xfiltx64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-1 13336]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\windows\system32\drivers\AmUStor.SYS --> C:\windows\system32\drivers\AmUStor.SYS [?]
S3 dc21x4vm;dc21x4vm;C:\windows\system32\DRIVERS\dc21x4vm.sys --> C:\windows\system32\DRIVERS\dc21x4vm.sys [?]
S3 EUCR;EUCR;C:\windows\system32\drivers\EUCR6SK.SYS --> C:\windows\system32\drivers\EUCR6SK.SYS [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 hidshim;Service for HID-KMDF Shim layer;C:\windows\system32\drivers\hidshim.sys --> C:\windows\system32\drivers\hidshim.sys [?]
S3 IFCoEMP;IFCoEMP;C:\windows\system32\drivers\ifM60x64.sys --> C:\windows\system32\drivers\ifM60x64.sys [?]
S3 IFCoEVB;IFCoEVB;C:\windows\system32\drivers\ifP60X64.sys --> C:\windows\system32\drivers\ifP60X64.sys [?]
S3 Impcd;Impcd;C:\windows\system32\drivers\Impcd.sys --> C:\windows\system32\drivers\Impcd.sys [?]
S3 ioatdma1;ioatdma1;C:\windows\system32\Drivers\qd162x64.sys --> C:\windows\system32\Drivers\qd162x64.sys [?]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\windows\system32\Drivers\qd262x64.sys --> C:\windows\system32\Drivers\qd262x64.sys [?]
S3 itecir;ITECIR Infrared Receiver;C:\windows\system32\drivers\itecir.sys --> C:\windows\system32\drivers\itecir.sys [?]
S3 johci;JMicron 1394 Filter Driver;C:\windows\system32\drivers\johci.sys --> C:\windows\system32\drivers\johci.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 mv91cons;mv91cons;C:\windows\system32\drivers\mv91cons.sys --> C:\windows\system32\drivers\mv91cons.sys [?]
S3 mv91xx;mv91xx;C:\windows\system32\drivers\mv91xx.sys --> C:\windows\system32\drivers\mv91xx.sys [?]
S3 nvamacpi;nvamacpi;C:\windows\system32\drivers\NVAMACPI.sys --> C:\windows\system32\drivers\NVAMACPI.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 vcrdrx64;VIA MSP Card Reader Host Controller;C:\windows\system32\drivers\vcrdrx64.sys --> C:\windows\system32\drivers\vcrdrx64.sys [?]
S3 videX64;videX64;C:\windows\system32\drivers\videX64.sys --> C:\windows\system32\drivers\videX64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wbondir;Winbond CIR Transceiver;C:\windows\system32\drivers\wbondir.sys --> C:\windows\system32\drivers\wbondir.sys [?]
S3 winbondcir;Winbond IR Transceiver;C:\windows\system32\drivers\winbondcir.sys --> C:\windows\system32\drivers\winbondcir.sys [?]
S3 winbondhidcir;Winbond HID CIR Receiver;C:\windows\system32\drivers\winbondhidcir.sys --> C:\windows\system32\drivers\winbondhidcir.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-05 22:38:13 -------- d-----w- C:\Users\JEZ\AppData\Local\{3597AAFC-B915-482D-B4C3-54258017F14B}
2012-01-05 22:38:03 -------- d-----w- C:\Users\JEZ\AppData\Local\{B3D1F725-6DDB-418A-A0B9-E77D7201A0F3}
2012-01-05 22:33:28 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64BEC090-07A9-43EF-87FE-098A0EF16C36}\offreg.dll
2012-01-05 22:33:26 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64BEC090-07A9-43EF-87FE-098A0EF16C36}\mpengine.dll
2012-01-04 20:00:23 -------- d-----w- C:\Users\JEZ\AppData\Local\{FA09404C-411C-47D2-99C3-8174567DE93F}
2012-01-04 20:00:12 -------- d-----w- C:\Users\JEZ\AppData\Local\{F924BE2B-29D9-4200-8CAF-D17D6AAD6989}
2012-01-03 18:45:34 -------- d-----w- C:\Users\JEZ\AppData\Local\{931086E3-D6FE-42BD-A273-F874ECD25117}
2012-01-03 18:45:24 -------- d-----w- C:\Users\JEZ\AppData\Local\{62688939-3710-4ED5-98C9-2A1AEA5C5984}
2012-01-02 13:55:16 -------- d-----w- C:\Users\JEZ\AppData\Local\{06EEDDEC-BB35-4A31-82AF-B5ABEF127646}
2012-01-02 13:55:06 -------- d-----w- C:\Users\JEZ\AppData\Local\{3975F66B-4431-4CEF-BB6F-48AF7AB023BD}
2012-01-01 13:49:02 -------- d-----w- C:\Users\JEZ\AppData\Local\{09C8B0BE-66E6-4731-A668-D276732A687F}
2012-01-01 13:48:52 -------- d-----w- C:\Users\JEZ\AppData\Local\{EFAEEA87-027C-49E2-ADC3-CFC510D48C5A}
2012-01-01 01:03:29 -------- d-----w- C:\Users\JEZ\AppData\Local\{D4E39340-497D-4AC4-8278-CFF5E1908058}
2012-01-01 01:03:19 -------- d-----w- C:\Users\JEZ\AppData\Local\{A21D805A-16DC-454D-A566-9D6DDA2D5CCC}
2011-12-31 12:25:38 -------- d-----w- C:\Users\JEZ\AppData\Local\{29EFEDB9-5220-42E2-A3F5-330D7D07EFB0}
2011-12-30 11:57:00 -------- d-----w- C:\Users\JEZ\AppData\Local\{D7E7C854-ED86-497D-BFD3-8A16BB4A52AA}
2011-12-30 11:56:50 -------- d-----w- C:\Users\JEZ\AppData\Local\{7D7B6721-05F3-4892-84EB-3FCED415213D}
2011-12-29 21:14:15 -------- d-----w- C:\Users\JEZ\AppData\Local\{3B4F9A7F-8C67-43B9-81A0-3D94DB3224AB}
2011-12-29 21:14:05 -------- d-----w- C:\Users\JEZ\AppData\Local\{A371C8F2-620F-4780-86EA-0293FDB63821}
2011-12-28 21:12:22 -------- d-----w- C:\Users\JEZ\AppData\Local\{24C01338-1EC3-4439-952B-8A3B795ED32F}
2011-12-28 21:12:10 -------- d-----w- C:\Users\JEZ\AppData\Local\{BE049017-A0C3-421E-A993-EA64E26E75B8}
2011-12-28 19:17:26 -------- d-----w- C:\Users\JEZ\AppData\Local\{38C0B08B-2A50-45A3-86BE-51EACF98D8BE}
2011-12-28 12:40:48 -------- d-----w- C:\Users\JEZ\AppData\Local\{3A0C79F1-DEE6-4AA6-A391-B9600FDB06DF}
2011-12-26 11:55:13 -------- d-----w- C:\Users\JEZ\AppData\Local\{2930F6A4-E811-4F0C-9197-DBDA6E5AC35C}
2011-12-26 11:55:03 -------- d-----w- C:\Users\JEZ\AppData\Local\{63651A93-B563-4E6A-864C-02AA39652F55}
2011-12-25 21:32:24 -------- d-----w- C:\Users\JEZ\AppData\Local\{96F424C3-D1CC-46CE-8E23-948382908F93}
2011-12-25 21:32:14 -------- d-----w- C:\Users\JEZ\AppData\Local\{66910462-0FC7-4508-93F8-31566AE23E21}
2011-12-24 13:50:32 -------- d-----w- C:\Users\JEZ\AppData\Local\{EA41A69E-5DF8-4A02-A047-318A97C40CE8}
2011-12-24 13:50:22 -------- d-----w- C:\Users\JEZ\AppData\Local\{588381AF-FB46-435C-9504-A05B41ADCCC1}
2011-12-23 11:06:43 -------- d-----w- C:\Users\JEZ\AppData\Local\{572F3FE8-5DD9-493A-A95C-7C47CA28C36C}
2011-12-23 11:06:33 -------- d-----w- C:\Users\JEZ\AppData\Local\{2A3EAD09-045C-437A-B911-9CBC61A10C3C}
2011-12-22 23:06:09 -------- d-----w- C:\Users\JEZ\AppData\Local\{D1A57B5E-F3B9-4207-A448-33CA722E7B7F}
2011-12-22 23:06:00 -------- d-----w- C:\Users\JEZ\AppData\Local\{5F414DFC-448F-4BF9-812B-74B2766DA0DF}
2011-12-22 10:27:25 -------- d-----w- C:\Users\JEZ\AppData\Local\{8A2876FF-20F4-4E1C-8393-EF74B00F9673}
2011-12-22 10:27:15 -------- d-----w- C:\Users\JEZ\AppData\Local\{3C4AC7FC-B1F9-486F-A749-7CCAFAC5B7B1}
2011-12-20 18:22:39 -------- d-----w- C:\Users\JEZ\AppData\Local\{243C6DF9-FE60-4ACE-8D95-55FF84D3290E}
2011-12-20 18:22:28 -------- d-----w- C:\Users\JEZ\AppData\Local\{33F537DC-2262-4E33-B11A-FF2B17C1B257}
2011-12-19 21:58:05 -------- d-----w- C:\Users\JEZ\AppData\Local\{E2B8FB82-95EA-443F-96A9-EAEE16FECA8F}
2011-12-19 21:57:55 -------- d-----w- C:\Users\JEZ\AppData\Local\{40162461-79BF-427D-9547-7FFBB416E05F}
2011-12-18 21:37:41 -------- d-----w- C:\Users\JEZ\AppData\Local\{4125149B-537E-4CD2-8F1A-F8D86C8938DD}
2011-12-18 14:30:37 -------- d-----w- C:\Users\JEZ\AppData\Local\{EDF7E1AF-BED4-4344-8AFA-271137388AE6}
2011-12-18 11:39:35 -------- d-----w- C:\Users\JEZ\AppData\Local\{F76BF960-A144-43EE-931C-BBB0E42828D6}
2011-12-17 12:08:22 -------- d-----w- C:\Users\JEZ\AppData\Local\{D72952C1-1987-4228-8716-67F4D76C07B4}
2011-12-17 12:08:12 -------- d-----w- C:\Users\JEZ\AppData\Local\{0EDF5DD8-8062-428A-A318-98BBB0446AB4}
2011-12-16 18:15:30 -------- d-----w- C:\Users\JEZ\AppData\Local\{07530D7E-250E-45FB-86C7-3CF2CA7880F6}
2011-12-16 18:15:20 -------- d-----w- C:\Users\JEZ\AppData\Local\{8FE4A4CF-9293-488E-B47D-F1F4FE2004D5}
2011-12-15 21:05:54 -------- d-----w- C:\Users\JEZ\AppData\Local\{483AB780-79A8-4B69-8445-29978ACABC41}
2011-12-15 21:05:44 -------- d-----w- C:\Users\JEZ\AppData\Local\{604CFE26-F661-49E0-AFC5-500825D168A3}
2011-12-14 18:44:32 -------- d-----w- C:\Users\JEZ\AppData\Local\{FDCA399E-D30B-4AA4-8834-9E7B6CF1EBD0}
2011-12-14 18:44:22 -------- d-----w- C:\Users\JEZ\AppData\Local\{0D288DB2-E0C4-4C0E-87C8-CFB1ACE70F91}
2011-12-14 18:39:22 43520 ----a-w- C:\windows\System32\csrsrv.dll
2011-12-14 18:39:20 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-12-14 18:39:19 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-14 18:39:18 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-14 18:39:17 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-14 18:39:17 2048 ----a-w- C:\windows\System32\tzres.dll
2011-12-12 19:10:54 -------- d-----w- C:\Users\JEZ\AppData\Local\{A4CCABE7-0132-45FB-9EFA-38D5AFB033D3}
2011-12-12 19:10:44 -------- d-----w- C:\Users\JEZ\AppData\Local\{DFB7EBBE-B97D-4B47-AD8F-C5EFA00F8CD5}
2011-12-11 11:25:16 -------- d-----w- C:\Users\JEZ\AppData\Local\{4E4F6826-52A4-4AED-BEFF-DB47E13AB8B1}
2011-12-11 11:25:06 -------- d-----w- C:\Users\JEZ\AppData\Local\{AB33095E-51D3-4E5A-A210-B26CE4EF4B81}
2011-12-10 12:46:22 -------- d-----w- C:\Users\JEZ\AppData\Local\{88BF0908-C8B2-493D-87E5-9B0D20CC56F4}
2011-12-10 12:46:12 -------- d-----w- C:\Users\JEZ\AppData\Local\{4E35C0DE-D644-44E9-825A-6CF69016E11C}
2011-12-09 12:31:35 -------- d-----w- C:\Users\JEZ\.swt
2011-12-09 12:31:34 -------- d-----w- C:\Users\JEZ\AppData\Roaming\Azureus
2011-12-09 12:31:03 -------- d-----w- C:\Program Files (x86)\Vuze
2011-12-09 09:58:10 -------- d-----w- C:\Users\JEZ\AppData\Local\{7DB564BD-0B2B-4F5C-9C7B-29F5055BFE64}
2011-12-09 09:58:00 -------- d-----w- C:\Users\JEZ\AppData\Local\{C694AC67-C510-4A8F-980D-DDC6E63AE9B6}
2011-12-08 12:55:30 -------- d-----w- C:\Users\JEZ\AppData\Local\{7A674F81-778C-4219-AB04-64A51D77EBA4}
2011-12-08 12:55:20 -------- d-----w- C:\Users\JEZ\AppData\Local\{D804C3AF-C9BB-4943-8A20-52F4DB94BB8A}
2011-12-07 21:32:59 -------- d-----w- C:\Users\JEZ\AppData\Local\{A0458F79-F796-40C0-B4B2-5A1E634CECD2}
2011-12-07 21:32:49 -------- d-----w- C:\Users\JEZ\AppData\Local\{B7862B9E-8CED-4DDD-B2F1-9890CCA17922}
2011-12-07 09:32:26 -------- d-----w- C:\Users\JEZ\AppData\Local\{248B5719-9FB9-43F8-8431-67711D3A39AC}
2011-12-07 09:32:16 -------- d-----w- C:\Users\JEZ\AppData\Local\{1303A657-64D4-46DE-9725-20C8EC7A7BA0}
.
==================== Find3M ====================
.
2011-12-10 15:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-11-05 06:47:27 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 23:04:22.73 ===============
estheblessed
Member+
 
Posts: 48
Joined: November 3rd, 2006, 6:32 pm

Re: Trojan:JS/BlacoleRef.T

Post by MWR 3 day Mod » January 9th, 2012, 12:04 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Trojan:JS/BlacoleRef.T

Post by diver79 » January 9th, 2012, 1:30 pm

Hi and welcome to MalwareRemoval.com. Sorry for any delay in answering your request for help; the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems. I am currently in training at the Malware University. All of my instructions need to be checked and approved by a teacher, which may lead to a slight delay.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the article "ALL USERS OF THIS FORUM MUST READ THIS FIRST", where the conditions for receiving help here are explained.

diver79 wrote: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to back up any personal files and folders before you start.
How do I backup my files and folders in XP?
How to backup your data - Vista/Win7

Looking into your logs now. Will post instructions soon...

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Trojan:JS/BlacoleRef.T

Post by estheblessed » January 10th, 2012, 4:02 am

I appreciate it diver, look forward to your response.
estheblessed
Member+
 
Posts: 48
Joined: November 3rd, 2006, 6:32 pm

Re: Trojan:JS/BlacoleRef.T

Post by diver79 » January 10th, 2012, 1:30 pm

Hi estheblessed,

Please run the following scans and reply back with the requested logs.

Scan with WVCheck:
Please download WVCheck and save it to the desktop.
  • Right click on WVCheck.exe and select Run as Administrator.
  • Follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.


Run CKScanner
  • Please download CKScanner from Here
  • Important: Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator", then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Scan with OTL
Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Trojan:JS/BlacoleRef.T

Post by estheblessed » January 10th, 2012, 6:11 pm

Hi Diver,

Thanks for your response, I have run all of those scans and here are the results.

Windows Validation Check
Version: 1.9.12.5
Log Created On: 2121_10-01-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-01-07 12:22:08
Last Success Time for Update Download: 2011-12-14 18:39:22
Last Success Time for Update Installation: 2011-12-14 22:10:32


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 21/11/2010 3:23:48
Modification; 21/11/2010 3:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 21/11/2010 3:23:48
Modification; 21/11/2010 3:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 21/11/2010 3:24:21
Modification; 21/11/2010 3:24:21
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 21/11/2010 3:23:48
Modification; 21/11/2010 3:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 2128_10-01-2012 --------



CKScanner - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 adobe.activate.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 hl2rcv.adobe.com
scanner sequence 3.IH.11.KSNAGR
----- EOF -----









OTL Extras logfile created on: 10/01/2012 21:31:27 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\JEZ\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 59.39% Memory free
7.83 Gb Paging File | 6.21 Gb Available in Paging File | 79.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 475.68 Gb Total Space | 417.09 Gb Free Space | 87.68% Space Free | Partition Type: NTFS
Drive E: | 443.33 Gb Total Space | 340.34 Gb Free Space | 76.77% Space Free | Partition Type: NTFS
Drive H: | 1009.72 Mb Total Space | 909.69 Mb Free Space | 90.09% Space Free | Partition Type: FAT

Computer Name: JEZ-PC | User Name: JEZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3914302624-1360635431-3408457340-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"GoToAssist" = GoToAssist Corporate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SopCast" = SopCast 3.4.0
"WinLiveSuite" = Windows Live Essentials

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3914302624-1360635431-3408457340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 23/12/2011 06:25:15 | Computer Name = JEZ-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/12/2011 06:56:36 | Computer Name = JEZ-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 24/12/2011 09:50:48 | Computer Name = JEZ-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/12/2011 13:04:37 | Computer Name = JEZ-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 25/12/2011 17:33:00 | Computer Name = JEZ-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/12/2011 18:00:58 | Computer Name = JEZ-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 26/12/2011 07:52:08 | Computer Name = JEZ-PC | Source = WinMgmt | ID = 10
Description =

Error - 26/12/2011 17:08:25 | Computer Name = JEZ-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/12/2011 06:56:26 | Computer Name = JEZ-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/12/2011 07:24:22 | Computer Name = JEZ-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

[ System Events ]
Error - 23/12/2011 07:36:25 | Computer Name = JEZ-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 24/12/2011 09:49:16 | Computer Name = JEZ-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 26/12/2011 17:06:51 | Computer Name = JEZ-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 28/12/2011 17:11:45 | Computer Name = JEZ-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 28/12/2011 17:11:45 | Computer Name = JEZ-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 28/12/2011 17:11:49 | Computer Name = JEZ-PC | Source = DCOM | ID = 10005
Description =

Error - 28/12/2011 17:11:49 | Computer Name = JEZ-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 28/12/2011 17:11:49 | Computer Name = JEZ-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 03/01/2012 09:36:58 | Computer Name = JEZ-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 03/01/2012 09:36:58 | Computer Name = JEZ-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >

OTL logfile created on: 10/01/2012 21:31:27 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\JEZ\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 59.39% Memory free
7.83 Gb Paging File | 6.21 Gb Available in Paging File | 79.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 475.68 Gb Total Space | 417.09 Gb Free Space | 87.68% Space Free | Partition Type: NTFS
Drive E: | 443.33 Gb Total Space | 340.34 Gb Free Space | 76.77% Space Free | Partition Type: NTFS
Drive H: | 1009.72 Mb Total Space | 909.69 Mb Free Space | 90.09% Space Free | Partition Type: FAT

Computer Name: JEZ-PC | User Name: JEZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/01/10 18:04:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\JEZ\Desktop\OTL.exe
PRC - [2010/11/21 03:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/10/15 11:23:13 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ffea70edf9aa81cba6a5be8070d3dd9\IAStorUtil.ni.dll
MOD - [2011/10/15 11:23:13 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll
MOD - [2011/10/14 22:26:48 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 22:26:32 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 22:26:28 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 22:26:26 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/14 22:26:19 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/14 22:26:15 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 22:26:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 22:26:12 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 22:26:09 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/06 21:04:18 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)
SRV - [2011/11/05 05:23:28 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2011/06/14 11:21:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/06/14 11:21:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2011/04/10 10:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011/03/21 20:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/03/18 15:05:20 | 000,070,928 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifP60x64.sys -- (IFCoEVB)
DRV:[b]64bit:[/b] - [2011/03/18 15:05:18 | 000,349,968 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM60x64.sys -- (IFCoEMP)
DRV:[b]64bit:[/b] - [2011/02/09 13:26:50 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:[b]64bit:[/b] - [2010/11/25 10:27:40 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010/10/29 15:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2010/10/01 10:35:06 | 000,302,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:[b]64bit:[/b] - [2010/10/01 10:34:40 | 000,023,080 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:[b]64bit:[/b] - [2010/08/13 03:04:22 | 000,127,088 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcrdrx64.sys -- (vcrdrx64)
DRV:[b]64bit:[/b] - [2010/08/09 10:01:58 | 000,088,912 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EUCR6SK.sys -- (EUCR)
DRV:[b]64bit:[/b] - [2010/03/23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:[b]64bit:[/b] - [2010/02/26 14:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2010/02/11 11:01:20 | 000,026,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64)
DRV:[b]64bit:[/b] - [2010/02/11 11:00:22 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64)
DRV:[b]64bit:[/b] - [2009/11/24 17:33:50 | 000,028,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:[b]64bit:[/b] - [2009/11/16 06:45:26 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel(R)
DRV:[b]64bit:[/b] - [2009/11/16 06:45:22 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:[b]64bit:[/b] - [2009/11/16 06:27:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma) Intel(R)
DRV:[b]64bit:[/b] - [2009/10/23 08:26:14 | 000,028,672 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:[b]64bit:[/b] - [2009/08/01 15:08:26 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisagpx.sys -- (uagp35)
DRV:[b]64bit:[/b] - [2009/08/01 15:08:26 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisagpx.sys -- (SISAGP)
DRV:[b]64bit:[/b] - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:41 | 000,057,344 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc21x4vm.sys -- (dc21x4vm)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:[b]64bit:[/b] - [2008/11/12 09:00:00 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:[b]64bit:[/b] - [2007/07/11 04:00:50 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidshim.sys -- (hidshim)
DRV:[b]64bit:[/b] - [2007/07/11 04:00:46 | 000,025,088 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winbondhidcir.sys -- (winbondhidcir)
DRV:[b]64bit:[/b] - [2007/06/24 03:37:00 | 000,065,024 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wbondir.sys -- (wbondir)
DRV:[b]64bit:[/b] - [2007/03/28 04:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
DRV:[b]64bit:[/b] - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm






IE - HKU\S-1-5-21-3914302624-1360635431-3408457340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKU\S-1-5-21-3914302624-1360635431-3408457340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
IE - HKU\S-1-5-21-3914302624-1360635431-3408457340-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JEZ\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JEZ\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/14 21:01:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/02 19:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEZ\AppData\Roaming\Mozilla\Extensions
[2011/11/05 11:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEZ\AppData\Roaming\Mozilla\Firefox\Profiles\ijgoc6n3.default\extensions
[2011/09/04 07:56:39 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\JEZ\AppData\Roaming\Mozilla\Firefox\Profiles\ijgoc6n3.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/09/02 19:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JEZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IJGOC6N3.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\JEZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IJGOC6N3.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/11/14 21:01:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/14 21:01:33 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/14 21:01:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/14 21:01:33 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/14 21:01:33 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/14 21:01:33 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JEZ\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JEZ\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JEZ\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\JEZ\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\JEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\JEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\JEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/09/05 17:50:35 | 000,001,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B204A-645F-43B4-B0E3-4E4621D82BD4}: DhcpNameServer = 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\599\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/01/10 21:25:55 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{73F49B99-13B9-44A0-AA0F-1044C06BFB72}
[2012/01/10 21:25:23 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{43EBBA3A-505C-4154-9A24-55789A1E7B68}
[2012/01/10 18:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\JEZ\Desktop\OTL.exe
[2012/01/06 21:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/01/06 21:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/01/06 21:04:11 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\Citrix
[2012/01/06 21:03:46 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\Deployment
[2012/01/06 21:03:46 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\Apps
[2012/01/06 19:54:37 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{DBB998C0-8057-4724-98F3-D5C4ABD6B547}
[2012/01/06 19:54:27 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{A07F0308-CAEF-4254-9183-637B5D8AF93B}
[2012/01/05 22:38:13 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{3597AAFC-B915-482D-B4C3-54258017F14B}
[2012/01/05 22:38:03 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{B3D1F725-6DDB-418A-A0B9-E77D7201A0F3}
[2012/01/04 20:00:23 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{FA09404C-411C-47D2-99C3-8174567DE93F}
[2012/01/04 20:00:12 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{F924BE2B-29D9-4200-8CAF-D17D6AAD6989}
[2012/01/03 18:45:34 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{931086E3-D6FE-42BD-A273-F874ECD25117}
[2012/01/03 18:45:24 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{62688939-3710-4ED5-98C9-2A1AEA5C5984}
[2012/01/02 13:55:16 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{06EEDDEC-BB35-4A31-82AF-B5ABEF127646}
[2012/01/02 13:55:06 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{3975F66B-4431-4CEF-BB6F-48AF7AB023BD}
[2012/01/01 13:49:02 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{09C8B0BE-66E6-4731-A668-D276732A687F}
[2012/01/01 13:48:52 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{EFAEEA87-027C-49E2-ADC3-CFC510D48C5A}
[2012/01/01 01:03:29 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{D4E39340-497D-4AC4-8278-CFF5E1908058}
[2012/01/01 01:03:19 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{A21D805A-16DC-454D-A566-9D6DDA2D5CCC}
[2011/12/31 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{29EFEDB9-5220-42E2-A3F5-330D7D07EFB0}
[2011/12/30 11:57:00 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{D7E7C854-ED86-497D-BFD3-8A16BB4A52AA}
[2011/12/30 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{7D7B6721-05F3-4892-84EB-3FCED415213D}
[2011/12/29 21:14:15 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{3B4F9A7F-8C67-43B9-81A0-3D94DB3224AB}
[2011/12/29 21:14:05 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{A371C8F2-620F-4780-86EA-0293FDB63821}
[2011/12/28 21:12:22 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{24C01338-1EC3-4439-952B-8A3B795ED32F}
[2011/12/28 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{BE049017-A0C3-421E-A993-EA64E26E75B8}
[2011/12/28 19:17:26 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{38C0B08B-2A50-45A3-86BE-51EACF98D8BE}
[2011/12/28 12:40:48 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{3A0C79F1-DEE6-4AA6-A391-B9600FDB06DF}
[2011/12/26 11:55:13 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{2930F6A4-E811-4F0C-9197-DBDA6E5AC35C}
[2011/12/26 11:55:03 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{63651A93-B563-4E6A-864C-02AA39652F55}
[2011/12/25 21:32:24 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{96F424C3-D1CC-46CE-8E23-948382908F93}
[2011/12/25 21:32:14 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{66910462-0FC7-4508-93F8-31566AE23E21}
[2011/12/24 13:50:32 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{EA41A69E-5DF8-4A02-A047-318A97C40CE8}
[2011/12/24 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{588381AF-FB46-435C-9504-A05B41ADCCC1}
[2011/12/23 11:06:43 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{572F3FE8-5DD9-493A-A95C-7C47CA28C36C}
[2011/12/23 11:06:33 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{2A3EAD09-045C-437A-B911-9CBC61A10C3C}
[2011/12/22 23:06:09 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{D1A57B5E-F3B9-4207-A448-33CA722E7B7F}
[2011/12/22 23:06:00 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{5F414DFC-448F-4BF9-812B-74B2766DA0DF}
[2011/12/22 10:27:25 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{8A2876FF-20F4-4E1C-8393-EF74B00F9673}
[2011/12/22 10:27:15 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{3C4AC7FC-B1F9-486F-A749-7CCAFAC5B7B1}
[2011/12/20 18:22:39 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{243C6DF9-FE60-4ACE-8D95-55FF84D3290E}
[2011/12/20 18:22:28 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{33F537DC-2262-4E33-B11A-FF2B17C1B257}
[2011/12/19 21:58:05 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{E2B8FB82-95EA-443F-96A9-EAEE16FECA8F}
[2011/12/19 21:57:55 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{40162461-79BF-427D-9547-7FFBB416E05F}
[2011/12/18 21:37:41 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{4125149B-537E-4CD2-8F1A-F8D86C8938DD}
[2011/12/18 14:30:37 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{EDF7E1AF-BED4-4344-8AFA-271137388AE6}
[2011/12/18 11:39:35 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{F76BF960-A144-43EE-931C-BBB0E42828D6}
[2011/12/17 12:08:22 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{D72952C1-1987-4228-8716-67F4D76C07B4}
[2011/12/17 12:08:12 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{0EDF5DD8-8062-428A-A318-98BBB0446AB4}
[2011/12/16 18:15:30 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{07530D7E-250E-45FB-86C7-3CF2CA7880F6}
[2011/12/16 18:15:20 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{8FE4A4CF-9293-488E-B47D-F1F4FE2004D5}
[2011/12/15 21:05:54 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{483AB780-79A8-4B69-8445-29978ACABC41}
[2011/12/15 21:05:44 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{604CFE26-F661-49E0-AFC5-500825D168A3}
[2011/12/14 22:09:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/12/14 22:09:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/12/14 22:09:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/12/14 22:09:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/12/14 22:09:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/12/14 22:09:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/12/14 22:09:24 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2011/12/14 22:09:24 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2011/12/14 22:09:24 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2011/12/14 22:09:24 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2011/12/14 22:09:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2011/12/14 18:44:32 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{FDCA399E-D30B-4AA4-8834-9E7B6CF1EBD0}
[2011/12/14 18:44:22 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{0D288DB2-E0C4-4C0E-87C8-CFB1ACE70F91}
[2011/12/14 18:39:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2011/12/14 18:39:19 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2011/12/14 18:39:18 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2011/12/12 19:10:54 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{A4CCABE7-0132-45FB-9EFA-38D5AFB033D3}
[2011/12/12 19:10:44 | 000,000,000 | ---D | C] -- C:\Users\JEZ\AppData\Local\{DFB7EBBE-B97D-4B47-AD8F-C5EFA00F8CD5}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/01/10 21:26:21 | 000,025,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 21:26:21 | 000,025,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 21:24:56 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/10 21:24:56 | 000,630,124 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/10 21:24:56 | 000,111,208 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/10 21:19:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/10 21:19:00 | 3152,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/10 18:04:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\JEZ\Desktop\OTL.exe
[2012/01/06 23:00:20 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3914302624-1360635431-3408457340-1000UA.job
[2012/01/06 21:34:00 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3914302624-1360635431-3408457340-1000Core.job
[2012/01/06 21:04:10 | 000,103,784 | ---- | M] () -- C:\Users\JEZ\GoToAssistDownloadHelper.exe
[2012/01/02 16:14:37 | 000,012,793 | ---- | M] () -- C:\Users\JEZ\Desktop\mbam - Shortcut.lnk
[2011/12/22 20:04:28 | 000,001,456 | ---- | M] () -- C:\Users\JEZ\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/22 12:20:06 | 000,002,054 | -H-- | M] () -- C:\Users\JEZ\Documents\Default.rdp
[2011/12/19 21:47:51 | 000,002,397 | ---- | M] () -- C:\Users\JEZ\Desktop\Google Chrome.lnk
[2011/12/15 21:04:34 | 004,897,192 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/01/06 21:04:09 | 000,103,784 | ---- | C] () -- C:\Users\JEZ\GoToAssistDownloadHelper.exe
[2012/01/02 16:14:37 | 000,012,793 | ---- | C] () -- C:\Users\JEZ\Desktop\mbam - Shortcut.lnk
[2011/09/26 21:36:40 | 000,173,373 | ---- | C] () -- C:\windows\hpoins46.dat
[2011/09/26 21:36:40 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat
[2011/09/16 09:08:26 | 000,001,456 | ---- | C] () -- C:\Users\JEZ\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/26 13:06:08 | 000,722,382 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/23 10:46:08 | 000,361,808 | ---- | C] () -- C:\windows\EMCRI_E.dll
[2011/05/23 10:12:00 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/05/23 10:11:58 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/05/23 10:11:57 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/05/23 10:11:56 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/05/23 10:11:55 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

< End of report >
estheblessed
Member+
 
Posts: 48
Joined: November 3rd, 2006, 6:32 pm

Re: Trojan:JS/BlacoleRef.T

Unread postby Jack&Jill » January 10th, 2012, 8:29 pm

This is not the first time you have posted for help on our forum.
Your topic is being closed for one (or more) of the following reasons:

  • Repeated use of P2P software, despite warnings of their use and requests for removal.
  • Repeated use of cracked, illegal or pirated software.
  • Use of outdated or unpatched versions of Windows, after previously agreeing to update as a condition for receiving help on our forum.
  • Returning for help with no Anti-virus software installed, despite being advised to install.
  • Continued practice of unsafe surfing.
  • Posting for help for many different computers, repair tech.
  • Continuing to post in multiple malware removal forums, for the same computer issue.
  • Repeatedly failing to reply to your topic within the necessary time frames.

This topic is now closed.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia