
"security tool" wont let me do anything


#1
Vilezz (Member, 18 posts)
Hi,
So I just reinstalled Windows 7 to clean all the crap out of my computer, and the next day I got this virus from out of nowhere called Security Tool. I googled it and removed it with Malwarebytes. The next day I'm in the middle of playing Metro 2033 and a popup comes up saying "security tool successfully installed". I thought to myself, oh great, and immediately closed my game and started to run the Malwarebytes scan. Unfortunately, halfway through it gave me what I assume was a fake BSOD, because the blue was a darker colour than normal and it actually stayed there and made me restart my computer, but I didn't realise until after hitting my reset button. Next thing I know, all I can do is turn my computer on, and so far the only program that's working is Xfire; all the others come up with Security Tool saying "this program is infected with ......"

Thanks if you can help


#2
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, let's try this first; if it fails, go to Plan B.

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double-click the OTH file to run it and click Kill All Processes; your desktop will go blank.


Then select Start OTL. OTL will now run.

  • Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
    Select Scan.txt that you downloaded
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your Virus Removal topic.

Plan B

Download Rkill from here: there are several flavours to choose from; if one does not work, then try the next.

* rkill.com
* rkill.scr
* rkill.pif


Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Security Central and other rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Central when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Central. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above.
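The OTL logs these steps produce are what the helper reads before writing a fix. The script below is an added example, not part of this thread or of OTL itself: it parses the O2 (BHO), O4 (autostart), O6 (policy) and O33 (MountPoints2 autorun) line formats of an OTL quick scan and flags the entries a helper checks first (an unsigned autostart in a user-writable folder, policy values that switch UAC off, orphaned BHO and autorun entries). The sample lines are constructed in the OTL format, a few copied from the log posted later in this thread; the severity labels and heuristics are the example's own.

```python
"""Triage helper for OTL quick-scan logs (added example, not part of OTL).

Only the O2, O4, O6 and O33 line formats seen in this thread are parsed;
every other line is ignored.
"""
import re
from dataclasses import dataclass

# O4 - HKCU..\RunOnce: [976683] C:\Users\Joe\AppData\Local\976683.exe ()
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)
# O6 - HKLM\...\policies\System: EnableLUA = 0
O6_RE = re.compile(r"^O6 - (?P<key>\S+): (?P<value>\w+) = (?P<data>\S+)\s*$")
# O2 - BHO: (no name) - {CLSID} - No CLSID value found.
O2_RE = re.compile(
    r"^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$"
)
# O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\x.exe -- File not found
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mp>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r"(?P<cmd>.+?) -- (?P<info>.*)$"
)

# Folders a standard user can write to: a vendor binary rarely autostarts
# from here, and one with an empty company field is worth a close look.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public)\\", re.I)

# Policy values that switch UAC off or silence its prompts (real Windows
# registry values; these exact settings appear in the log in this thread).
UAC_WEAKENED = {
    ("EnableLUA", "0"): "UAC disabled",
    ("ConsentPromptBehaviorAdmin", "0"): "admins elevate without any prompt",
    ("PromptOnSecureDesktop", "0"): "UAC prompts not shown on the secure desktop",
}

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str   # high / medium / low (this example's own scale)
    code: str       # OTL section code the line came from
    reason: str
    line: str


def check_line(line: str):
    """Return a Finding for one OTL line, or None if it looks benign."""
    if m := O4_RE.match(line):
        if not m["company"].strip() and USER_WRITABLE.search(m["path"]):
            reason = f"unsigned autostart via {m['hive']}\\{m['key']} in a user-writable path"
            if m["name"].isdigit():
                reason += "; value name is digits only"
            return Finding("high", "O4", reason, line)
    elif m := O6_RE.match(line):
        if why := UAC_WEAKENED.get((m["value"], m["data"])):
            return Finding("medium", "O6", f"{m['value']} = {m['data']}: {why}", line)
    elif m := O2_RE.match(line):
        if "No CLSID value found" in m["rest"]:
            return Finding("low", "O2", "BHO registered without a CLSID entry", line)
    elif m := O33_RE.match(line):
        if m["info"].startswith("File not found"):
            return Finding("low", "O33", f"stale autorun on {m['mp']}: {m['cmd']}", line)
    return None


def triage(lines):
    """Run every line through check_line and return findings, worst first."""
    found = [f for f in (check_line(ln.rstrip()) for ln in lines) if f]
    found.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return found


# Constructed sample in OTL format; several lines are copied from the log
# posted in this thread, the rest are benign fillers.
SAMPLE_LOG = r"""
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\RunOnce: [976683] C:\Users\Joe\AppData\Local\976683.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Razor1911_Installer.exe -- File not found
""".strip().splitlines()


def main():
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper():6}] {f.code}: {f.reason}\n         {f.line}")


if __name__ == "__main__":
    main()
```

Run it against a real OTL.Txt with `triage(open("OTL.Txt", encoding="utf-8", errors="replace"))` to get the same report for a full log; lines it does not recognise are simply skipped.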

#3
Vilezz (Topic Starter, Member, 18 posts)
Sorry, I didn't know which ones to attach, so I just uploaded all of the .txt files. Thanks.

OTL logfile created on: 19/09/2010 12:31:41 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = F:\AntiV
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 366.63 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 569.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 297.44 Gb Total Space | 121.44 Gb Free Space | 40.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THATMACHINE
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/19 12:29:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\AntiV\OTL.scr
PRC - [2010/09/19 12:29:00 | 000,258,560 | ---- | M] (OldTimer Tools) -- F:\AntiV\OTH.scr
PRC - [2009/07/14 02:14:42 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe


========== Modules (SafeList) ==========

MOD - [2010/09/19 12:29:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\AntiV\OTL.scr
MOD - [2010/06/30 07:21:47 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MOD - [2009/07/14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009/07/14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009/07/14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/07/14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll
MOD - [2009/07/14 02:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll
MOD - [2009/07/14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009/07/14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009/07/14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll
MOD - [2009/07/14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009/07/14 02:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll
MOD - [2009/07/14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2009/07/14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/16 18:36:10 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/16 18:36:07 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/16 18:37:10 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/09/16 18:37:06 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/09/16 18:37:06 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 16:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009/07/14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 11:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC F3 35 A8 B3 55 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [976683] C:\Users\Joe\AppData\Local\976683.exe ()
O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/12 19:38:52 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 22:12:18 | 000,000,088 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d777526e-c1a2-11df-932b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d777526e-c1a2-11df-932b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- [2009/09/04 23:20:42 | 002,770,208 | ---- | M] (Western Digital)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Razor1911_Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/18 23:59:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\mIRC
[2010/09/18 21:04:33 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\My Received Files
[2010/09/18 21:02:49 | 000,000,000 | ---D | C] -- C:\Users\Joe\Tracing
[2010/09/18 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/18 20:58:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/18 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/18 20:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/17 23:30:10 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Malwarebytes
[2010/09/17 23:30:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/17 23:30:04 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/17 23:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/17 23:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/17 00:57:23 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/09/16 21:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/09/16 21:42:30 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\WinRAR
[2010/09/16 21:38:20 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\.minecraft
[2010/09/16 21:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/16 21:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/16 21:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/09/16 21:19:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/09/16 21:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/09/16 21:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/09/16 21:17:23 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\LocalMS
[2010/09/16 21:16:44 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/16 20:46:57 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\4A Games
[2010/09/16 20:46:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\4A Games
[2010/09/16 20:44:16 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\NVIDIA
[2010/09/16 20:39:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\LolClient
[2010/09/16 20:35:13 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/09/16 20:35:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/09/16 20:23:54 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Skype
[2010/09/16 20:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\METRO 2033
[2010/09/16 20:08:48 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/09/16 20:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/09/16 20:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/09/16 20:04:23 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\uTorrent
[2010/09/16 19:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/09/16 19:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/09/16 19:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/09/16 19:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/09/16 19:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/09/16 19:13:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/16 19:11:28 | 000,000,000 | ---D | C] -- C:\Windows\PixArt
[2010/09/16 18:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2010/09/16 18:57:35 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\PC_Drivers_Headquarters
[2010/09/16 18:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/09/16 18:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2010/09/16 18:44:43 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Macromedia
[2010/09/16 18:44:43 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Adobe
[2010/09/16 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Google
[2010/09/16 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Apps
[2010/09/16 18:41:15 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Deployment
[2010/09/16 18:37:11 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/16 18:37:09 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/16 18:37:06 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/16 18:37:05 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/16 18:37:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/09/16 18:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/16 18:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/09/16 18:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/09/16 18:34:35 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Xfire
[2010/09/16 18:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010/09/16 18:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/09/16 18:33:59 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\WTablet
[2010/09/16 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\WTouch
[2010/09/16 18:33:50 | 000,290,088 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Touch_Tablet.dll
[2010/09/16 18:33:50 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Touch_Tablet.dll
[2010/09/16 18:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/09/16 18:33:47 | 007,543,592 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\PenTablet.cpl
[2010/09/16 18:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2010/09/16 18:33:42 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2010/09/16 18:33:32 | 000,015,656 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2010/09/16 18:33:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WTablet
[2010/09/16 18:33:25 | 005,556,520 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.exe
[2010/09/16 18:33:25 | 000,490,280 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
[2010/09/16 18:33:25 | 000,416,040 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
[2010/09/16 18:33:25 | 000,349,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2010/09/16 18:33:25 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2010/09/16 18:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tablet
[2010/09/16 18:33:04 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Crap
[2010/09/16 18:28:23 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Music
[2010/09/16 17:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2010/09/16 17:51:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/09/16 17:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/09/16 17:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\METRO 2033 2
[2010/09/16 17:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2010/09/16 17:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\League of Legends
[2010/09/16 17:34:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/09/16 17:34:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/09/16 17:11:04 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/09/16 17:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2010/09/16 16:30:39 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\keyfinder[1]
[2010/09/16 16:26:46 | 000,000,000 | R--D | C] -- C:\Users\Joe\Searches
[2010/09/16 16:26:46 | 000,000,000 | -H-D | C] -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/09/16 16:26:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Identities
[2010/09/16 16:26:36 | 000,000,000 | R--D | C] -- C:\Users\Joe\Contacts
[2010/09/16 16:26:34 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\VirtualStore
[2010/09/16 16:26:30 | 000,000,000 | --SD | C] -- C:\Users\Joe\AppData\Roaming\Microsoft
[2010/09/16 16:26:30 | 000,000,000 | R--D | C] -- C:\Users\Joe\Videos
[2010/09/16 16:26:30 | 000,000,000 | R--D | C] -- C:\Users\Joe\Saved Games
[2010/09/16 16:26:30 | 000,000,000 | R--D | C] -- C:\Users\Joe\Pictures
[2010/09/16 16:26:30 | 000,000,000 | R--D | C] -- C:\Users\Joe\Music
[2010/09/16 16:26:30 | 000,000,000 | R--D | C] -- C:\Users\Joe\Links
[2010/09/16 16:26:30 | 000,000,000 | R--D | C] -- C:\Users\Joe\Favorites
[2010/09/16 16:26:30 | 000,000,000 | R--D | C] -- C:\Users\Joe\Downloads
[2010/09/16 16:26:30 | 000,000,000 | R--D | C] -- C:\Users\Joe\My Documents
[2010/09/16 16:26:30 | 000,000,000 | R--D | C] -- C:\Users\Joe\Desktop
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\AppData\Local\Temporary Internet Files
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\Templates
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\Start Menu
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\SendTo
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\Recent
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\PrintHood
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\NetHood
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\Documents\My Videos
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\Documents\My Pictures
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\Documents\My Music
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\My Documents
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\Local Settings
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\AppData\Local\History
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\Cookies
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\Application Data
[2010/09/16 16:26:30 | 000,000,000 | -HSD | C] -- C:\Users\Joe\AppData\Local\Application Data
[2010/09/16 16:26:30 | 000,000,000 | -H-D | C] -- C:\Users\Joe\AppData
[2010/09/16 16:26:30 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Temp
[2010/09/16 16:26:30 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Microsoft
[2010/09/16 16:26:30 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Media Center Programs
[2010/09/16 16:01:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/09/16 15:59:16 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/09/16 13:51:50 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/16 01:01:38 | 000,000,000 | ---D | C] -- C:\Nexon2
[2010/07/28 22:44:03 | 000,000,000 | ---D | C] -- C:\Gamania
[2010/07/13 16:19:36 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/07/10 05:38:00 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/10 05:38:00 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/03 23:54:20 | 000,000,000 | ---D | C] -- C:\Gamigo
[2010/07/01 15:42:16 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/19 12:32:13 | 001,048,576 | -HS- | M] () -- C:\Users\Joe\NTUSER.DAT
[2010/09/19 12:30:57 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\Acrobat Update.job
[2010/09/19 12:28:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/19 12:28:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 12:28:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/19 00:14:48 | 001,576,928 | -H-- | M] () -- C:\Users\Joe\AppData\Local\IconCache.db
[2010/09/19 00:05:04 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 00:05:04 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/18 23:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854384640-3670381866-3459630312-1001UA.job
[2010/09/18 23:16:31 | 001,131,008 | ---- | M] () -- C:\Users\Joe\AppData\Local\976683.exe
[2010/09/18 22:47:43 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/09/18 22:00:58 | 000,001,483 | ---- | M] () -- C:\Users\Joe\Desktop\lol.launcher - Shortcut.lnk
[2010/09/18 18:46:00 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854384640-3670381866-3459630312-1001Core.job
[2010/09/18 17:43:22 | 064,887,310 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/18 17:01:13 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/18 17:01:13 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/18 17:01:13 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/17 23:30:07 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/16 21:18:54 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/09/16 20:24:09 | 000,001,500 | ---- | M] () -- C:\Users\Joe\Desktop\Skype - Shortcut.lnk
[2010/09/16 20:23:35 | 000,001,465 | ---- | M] () -- C:\Users\Joe\Desktop\metro2033 - Shortcut.lnk
[2010/09/16 20:08:50 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/09/16 20:04:53 | 000,000,971 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/09/16 20:04:53 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/09/16 19:26:37 | 000,276,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/16 19:19:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010/09/16 19:16:11 | 000,057,952 | ---- | M] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/16 19:13:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/09/16 19:13:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2010/09/16 19:12:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/09/16 19:11:33 | 000,000,446 | ---- | M] () -- C:\Windows\win.ini
[2010/09/16 18:42:35 | 000,002,309 | ---- | M] () -- C:\Users\Joe\Desktop\Google Chrome.lnk
[2010/09/16 18:37:11 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/16 18:37:10 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/16 18:37:06 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/16 18:37:06 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/16 18:37:05 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/16 18:34:34 | 000,001,003 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2010/09/16 18:34:34 | 000,000,991 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
[2010/09/16 17:22:03 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/09/16 17:22:03 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/09/16 17:22:03 | 000,065,536 | -HS- | M] () -- C:\Users\Joe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/09/16 16:27:10 | 000,001,441 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/16 16:26:30 | 000,000,020 | -HS- | M] () -- C:\Users\Joe\ntuser.ini
[2010/09/16 16:03:44 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/09/16 16:03:44 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/10 05:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/10 05:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/10 05:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/07/09 20:04:40 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 20:04:40 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/18 23:16:31 | 001,131,008 | ---- | C] () -- C:\Users\Joe\AppData\Local\976683.exe
[2010/09/18 22:47:43 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/09/18 22:00:58 | 000,001,483 | ---- | C] () -- C:\Users\Joe\Desktop\lol.launcher - Shortcut.lnk
[2010/09/17 23:30:07 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/16 21:18:54 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/09/16 20:24:09 | 000,001,500 | ---- | C] () -- C:\Users\Joe\Desktop\Skype - Shortcut.lnk
[2010/09/16 20:23:35 | 000,001,465 | ---- | C] () -- C:\Users\Joe\Desktop\metro2033 - Shortcut.lnk
[2010/09/16 20:08:50 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/09/16 20:08:15 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\Acrobat Update.job
[2010/09/16 20:04:53 | 000,000,971 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/09/16 20:04:53 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/09/16 19:19:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010/09/16 19:13:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/09/16 19:13:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2010/09/16 19:12:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/09/16 18:42:35 | 000,002,309 | ---- | C] () -- C:\Users\Joe\Desktop\Google Chrome.lnk
[2010/09/16 18:41:40 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854384640-3670381866-3459630312-1001UA.job
[2010/09/16 18:41:39 | 000,000,846 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854384640-3670381866-3459630312-1001Core.job
[2010/09/16 18:37:05 | 064,887,310 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/16 18:37:05 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/16 18:34:34 | 000,001,003 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2010/09/16 18:34:34 | 000,000,991 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
[2010/09/16 18:33:47 | 001,595,175 | ---- | C] () -- C:\Windows\SysNative\PenTablet.znc
[2010/09/16 16:27:10 | 000,001,441 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/16 16:26:30 | 001,048,576 | -HS- | C] () -- C:\Users\Joe\NTUSER.DAT
[2010/09/16 16:26:30 | 000,524,288 | -HS- | C] () -- C:\Users\Joe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/09/16 16:26:30 | 000,524,288 | -HS- | C] () -- C:\Users\Joe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/09/16 16:26:30 | 000,262,144 | -HS- | C] () -- C:\Users\Joe\ntuser.dat.LOG1
[2010/09/16 16:26:30 | 000,065,536 | -HS- | C] () -- C:\Users\Joe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/09/16 16:26:30 | 000,000,290 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/16 16:26:30 | 000,000,272 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/09/16 16:26:30 | 000,000,020 | -HS- | C] () -- C:\Users\Joe\ntuser.ini
[2010/09/16 16:26:30 | 000,000,000 | -HS- | C] () -- C:\Users\Joe\ntuser.dat.LOG2
[2010/07/10 05:38:00 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 20:04:40 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

========== LOP Check ==========

[2010/09/16 21:38:21 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\.minecraft
[2010/09/16 20:39:28 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\LolClient
[2010/09/16 20:09:23 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\uTorrent
[2010/09/16 18:34:02 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\WTouch
[2010/09/19 12:30:57 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\Acrobat Update.job
[2009/07/14 06:08:49 | 000,004,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/11 10:35:03 | 000,000,197 | ---- | M] () -- C:\csb.log
[2010/08/03 02:20:54 | 000,000,010 | ---- | M] () -- C:\error.txt
[2008/04/11 10:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
[2008/04/11 10:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
[2008/04/11 10:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
[2008/04/11 10:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
[2008/04/11 10:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
[2008/04/11 10:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
[2008/04/11 10:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 10:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
[2008/04/11 10:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
[2008/04/11 10:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
[2010/08/09 04:12:38 | 000,000,000 | ---- | M] () -- C:\fftoutput.txt
[2008/04/11 10:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/09/19 12:28:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/11 20:33:29 | 000,001,152 | ---- | M] () -- C:\ijjiFFPlugin.log
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2008/04/11 10:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
[2008/04/11 08:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2008/04/11 08:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2008/04/11 08:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2008/04/11 08:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2008/04/11 08:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2008/04/11 08:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 10:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
[2008/04/11 08:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/11/15 16:11:42 | 000,000,700 | -H-- | M] () -- C:\IPH.PH
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2009/12/31 02:37:27 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
[2010/09/19 12:28:18 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys
[2010/02/08 08:13:21 | 000,000,266 | ---- | M] () -- C:\RecorderSDKLog.txt
[2009/07/11 10:31:39 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
[2010/02/22 17:09:47 | 000,000,135 | ---- | M] () -- C:\service.log
[2008/04/11 10:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2008/04/11 10:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
[2008/04/11 10:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI


< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/16 16:27:10 | 000,000,221 | -HS- | M] () -- C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/09/16 20:06:22 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/09/16 20:06:22 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/09/16 20:06:22 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/09/16 20:06:22 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/09/16 20:06:22 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/09/16 20:06:22 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/09/16 19:36:27 | 000,000,402 | -HS- | M] () -- C:\Users\Joe\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

Edited by Essexboy, 19 September 2010 - 05:45 AM: log opened


#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Here you go

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\RunOnce: [976683] C:\Users\Joe\AppData\Local\976683.exe ()
    [2010/09/18 23:16:31 | 001,131,008 | ---- | M] () -- C:\Users\Joe\AppData\Local\976683.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Update and re-run MBAM posting the resultant log
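The fix above removes a RunOnce value that points at an executable with no company name, an all-digit filename, and a home under AppData\Local, which is exactly the pattern the OTL log exposes, and the "MD5 for:" sections exist so that the live copy of explorer.exe, winlogon.exe and wininit.exe can be checked against the versions Windows keeps in the WinSxS component store. The Python below is added here as an illustration; it is not part of the thread and not code from OTL or Malwarebytes. It parses OTL's file lines, applies those heuristics, and performs the WinSxS cross-check. The sample lines are copied from the log above; the scan time and the tampered explorer.exe hash are constructed assumptions used only to exercise the code.

```python
"""Triage of OTL (OldTimer's List-It) file lines: flag likely rogue-AV droppings
and confirm a live system binary matches one of its WinSxS component-store copies."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# One OTL file line: [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (company) [MD5=hash] -- path
OTL_LINE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\] "
    r"\(([^)]*)\)(?: MD5=([0-9A-F]{32}))? -- (.+)$"
)
# Directories an interactive user can write to without elevation.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\", "\\temp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Assumed: roughly when the scan was taken (the fix log is stamped 09192010_125200).
SCAN_TIME = datetime(2010, 9, 19, 12, 52)


@dataclass
class OtlEntry:
    when: datetime
    size: int
    attrs: str          # "-H--" hidden, "-HS-" hidden+system, "---D" directory
    kind: str           # "C" = created, "M" = modified
    company: str        # empty when OTL printed "()", i.e. no version-info company
    md5: Optional[str]
    path: str


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse every file line of an OTL report; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        when, size, attrs, kind, company, md5, path = m.groups()
        entries.append(OtlEntry(datetime.strptime(when, "%Y/%m/%d %H:%M:%S"),
                                int(size.replace(",", "")), attrs, kind, company, md5, path))
    return entries


def suspicious_reasons(e: OtlEntry, scan_time: datetime) -> List[str]:
    """Heuristics matching what the fix in this thread keyed on; recency alone never flags."""
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    reasons = []
    if name.endswith(EXEC_EXT) and any(d in p for d in USER_WRITABLE) and not e.company:
        reasons.append("executable with no company name in a user-writable directory")
    if name.endswith(EXEC_EXT) and stem.isdigit():
        reasons.append("all-digit filename")
    if "\\windows\\tasks\\" in p and name.endswith(".job") and "H" in e.attrs:
        reasons.append("hidden scheduled-task .job file")
    if reasons and scan_time - e.when <= timedelta(days=3):
        reasons.append("touched within 3 days of the scan")
    return reasons


def triage(text: str, scan_time: datetime = SCAN_TIME) -> Dict[str, List[str]]:
    """Map each flagged path to the reasons it tripped."""
    flagged = {}
    for e in parse_otl(text):
        reasons = suspicious_reasons(e, scan_time)
        if reasons:
            flagged[e.path] = reasons
    return flagged


def live_matches_component_store(entries: List[OtlEntry], binary: str) -> Optional[bool]:
    """True if C:\\Windows\\<binary> carries the MD5 of some WinSxS copy of that file.

    WinSxS keeps every serviced version, so a live copy matching none of them has been
    patched or replaced. Returns None when OTL printed no MD5 for the live copy."""
    b = binary.lower()
    live = [e for e in entries if e.path.lower() == "c:\\windows\\" + b and e.md5]
    store = {e.md5 for e in entries
             if "\\winsxs\\" in e.path.lower() and e.path.lower().endswith("\\" + b) and e.md5}
    if not live:
        return None
    return live[0].md5 in store


# Lines copied verbatim from the OTL log posted above.
SAMPLE_LOG = r"""
[2010/07/10 05:38:00 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/09/18 23:16:31 | 001,131,008 | ---- | M] () -- C:\Users\Joe\AppData\Local\976683.exe
[2010/09/19 12:30:57 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\Acrobat Update.job
[2010/09/18 23:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854384640-3670381866-3459630312-1001UA.job
[2010/09/16 18:37:11 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
"""
# CONSTRUCTED negative case: the live explorer.exe with a hash no WinSxS copy carries.
TAMPERED_LOG = SAMPLE_LOG.replace(
    "MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\\Windows\\explorer.exe",
    "MD5=00000000000000000000000000000000 -- C:\\Windows\\explorer.exe")

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
    print("live explorer.exe matches WinSxS:",
          live_matches_component_store(parse_otl(SAMPLE_LOG), "explorer.exe"))
```

Run against the sample, the triage flags only 976683.exe and the hidden Acrobat Update.job; the Google Update .job files, which are not hidden, and the vendor-stamped AVG and Khronos binaries pass. The hidden .job is worth noting: the OTL fix above did not touch it, and the Malwarebytes scan later in the thread picks it up.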

#5 Vilezz (Topic Starter, Member, 18 posts)
All processes killed
Error: Unable to interpret <%SYSTEMDRIVE%\*.*> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <wininit.exe > in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.com> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.dll> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.ini> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.ini2> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\spool\prtprocs\w32x86\*.*> in the current context!
Error: Unable to interpret <%systemroot%\REPAIR\*.bak1> in the current context!
Error: Unable to interpret <%systemroot%\REPAIR\*.ini> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.jpg > in the current context!
Error: Unable to interpret <%systemroot%\*.jpg > in the current context!
Error: Unable to interpret <%systemroot%\*.png > in the current context!
Error: Unable to interpret <%systemroot%\*.scr> in the current context!
Error: Unable to interpret <%systemroot%\*._sy> in the current context!
Error: Unable to interpret <%APPDATA%\Adobe\Update\*.*> in the current context!
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\976683 deleted successfully.
C:\Users\Joe\AppData\Local\976683.exe moved successfully.
File C:\Users\Joe\AppData\Local\976683.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
F:\AntiV\cmd.bat deleted successfully.
F:\AntiV\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joe
->Temp folder emptied: 200367735 bytes
->Temporary Internet Files folder emptied: 14476161 bytes
->Java cache emptied: 24311978 bytes
->Google Chrome cache emptied: 118940063 bytes
->Flash cache emptied: 43082 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3745398 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 857 bytes

Total Files Cleaned = 345.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Joe
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.12.1 log created on 09192010_125200

Files\Folders moved on Reboot...
C:\Users\Joe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Joe\AppData\Local\Temp\~DF2E67432DBE74A90F.TMP not found!
File\Folder C:\Users\Joe\AppData\Local\Temp\~DF3EE79BD5FF361FEE.TMP not found!
File\Folder C:\Users\Joe\AppData\Local\Temp\~DF64CD5960BF596F15.TMP not found!
File\Folder C:\Users\Joe\AppData\Local\Temp\~DF7A66E6230F6BD526.TMP not found!
File\Folder C:\Users\Joe\AppData\Local\Temp\~DF8D6BC73036A0265D.TMP not found!
File\Folder C:\Users\Joe\AppData\Local\Temp\~DFC69FDAAA1547314D.TMP not found!
C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XEG0WGZ4\like[1].htm moved successfully.
C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXNW8C1B\page__gopid__1902793[1].txt moved successfully.
C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13SZVYMZ\xd_proxy[1].htm moved successfully.

Registry entries deleted on Reboot...
OK, so now other programs are working, but my computer is taking 10 times as long to do anything. I'll run the Malwarebytes scan now; I think that's MBAM.

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Aye, it is. Once you are cleaned up we will look at the speed.

#7 Vilezz (Topic Starter, Member, 18 posts)
So it finally finished.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4641

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/09/2010 14:02:25
mbam-log-2010-09-19 (14-02-25).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 444500
Time elapsed: 1 hour(s), 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Games\Eufloria\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\09192010_125200\C_Users\Joe\AppData\Local\976683.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Acrobat Update.job (Malware.Trace) -> Quarantined and deleted successfully.
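The four hits in the MBAM log above are not all the same kind of finding. One is the copy of 976683.exe that the OTL fix had already moved into F:\_OTL\MovedFiles, so it was no longer in its original location when Malwarebytes reached it. One carries a packer-family name (Malware.Packer.*), which flags how Uninstall.exe is packed rather than anything it was observed doing and deserves a second look before being counted as a compromise. The remaining two, the Security Tool Start Menu shortcut and the hidden Acrobat Update.job, were live leftovers that the OTL fix did not target. The Python below is an added illustration, not part of the thread and not Malwarebytes or OTL code: it parses the "Files Infected:" section, sorts hits into those three classes, and diffs the live ones against the fix's target list. The log lines are copied from the post above; the `_OTL\MovedFiles` marker is taken from the quarantine path the log itself shows.

```python
"""Classify the 'Files Infected' entries of an MBAM 1.x log and diff them against
what an earlier OTL fix already targeted."""
import re
from typing import Dict, Iterable, List, Tuple

# path (DetectionName) -> action
MBAM_FILE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

Hit = Tuple[str, str, str]  # (path, detection name, action taken)


def parse_mbam_files(text: str) -> List[Hit]:
    """Return the entries of the 'Files Infected:' section. The summary line
    'Files Infected: 4' near the top is a different line and does not open the section."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Files Infected:":
            in_section = True
            continue
        if not in_section:
            continue
        if not line or line.startswith("(No malicious items"):
            break
        m = MBAM_FILE.match(line)
        if m:
            hits.append((m["path"], m["name"], m["action"]))
    return hits


def classify(hit: Hit, quarantine_marker: str = "\\_OTL\\MovedFiles\\") -> str:
    """quarantine-copy: OTL had already moved the file out of place;
    packer-heuristic: the name describes the packer, not observed behaviour, so verify;
    live: a remnant that was still in its original location."""
    path, name, _ = hit
    if quarantine_marker.lower() in path.lower():
        return "quarantine-copy"
    if name.startswith("Malware.Packer."):
        return "packer-heuristic"
    return "live"


def summarize(hits: Iterable[Hit]) -> Dict[str, List[str]]:
    """Group detected paths by class, in log order."""
    out: Dict[str, List[str]] = {"quarantine-copy": [], "packer-heuristic": [], "live": []}
    for h in hits:
        out[classify(h)].append(h[0])
    return out


def missed_by_fix(hits: Iterable[Hit], fix_targets: Iterable[str]) -> List[str]:
    """Live detections whose filename the earlier OTL fix did not target."""
    targeted = {t.lower().rsplit("\\", 1)[-1] for t in fix_targets}
    missed = []
    for h in hits:
        if classify(h) == "live" and h[0].lower().rsplit("\\", 1)[-1] not in targeted:
            missed.append(h[0])
    return missed


# Copied from the Malwarebytes log posted above.
SAMPLE_MBAM = r"""
Folders Infected: 0
Files Infected: 4

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Games\Eufloria\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\09192010_125200\C_Users\Joe\AppData\Local\976683.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Acrobat Update.job (Malware.Trace) -> Quarantined and deleted successfully.
"""
# The one file path the OTL fix in post #4 targeted (copied from that fix).
OTL_FIX_TARGETS = [r"C:\Users\Joe\AppData\Local\976683.exe"]

if __name__ == "__main__":
    hits = parse_mbam_files(SAMPLE_MBAM)
    for cls, paths in summarize(hits).items():
        print(cls, paths)
    print("live hits the OTL fix did not cover:", missed_by_fix(hits, OTL_FIX_TARGETS))
```

The point of the diff is procedural: after a targeted fix, a second scanner's hit list tells you which findings are the same artefact seen twice (the quarantine copy), which are heuristic and need confirmation, and which are genuinely new leftovers that the first pass missed.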

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Right then, what problems remain?

#9 Vilezz (Topic Starter, Member, 18 posts)
It still feels slow, but thanks very much for helping me out. You guys at Geeks to Go are the best!

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
;) OK, let's go for speed. Once you have done this, let me know of any improvement.

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

THEN

To try and ease the startup try this

Download Startup Control Panel here
Install it and you will find a Startup icon in the Control Panel; run this
  • In the HKLM tab, you may disable (be careful --> "disable") all the entries except your security software
  • In the HKCU tab, you may disable all entries.
  • In the StartUp tab, you may disable all entries.
Note : if you notice that some programs no longer run, you can enable them again by running Startup Control Panel, selecting the entry and choosing Run Now.
If you are in doubt with something, don't hesitate to ask ;)

FINALLY

Looking at that I am a happy bunny :(

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself, so the following will implement some cleanup procedures:

Run OTL and hit the Cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove, along with ERUNT, but they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change it.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti-virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?
Keep safe ;)

#11 Vilezz (Topic Starter, Member, 18 posts)
Thanks a lot, I guess I'll be back in 24 hours :D

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
As long as it is to say it is running faster :D

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.