Privacy Protection Spyware



#1
Joe Washburn

Hello, I was trying to watch something online when all of a sudden Privacy Protection "scanner" pops up and starts to "scan" my computer. I tried to open up Task Manager to close it and it wouldn't let me; I tried to open Malwarebytes too, but it wouldn't let me open that either. So I shut off my computer, started it in safe mode, and deleted the file for Privacy Protection. I cannot recall the exact name, but it's gone now :) Anyway, I don't know if it's all gone, so I'm posting here to see if you can help me figure out if it's all gone and if I need to worry or not. I ran OTL and here is my scan.

OTL logfile created on: 11/7/2011 12:44:15 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Joe\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 54.90% Memory free
8.00 Gb Paging File | 6.05 Gb Available in Paging File | 75.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 340.38 Gb Free Space | 73.10% Space Free | Partition Type: NTFS
Drive D: | 114.48 Gb Total Space | 27.49 Gb Free Space | 24.01% Space Free | Partition Type: NTFS
Drive E: | 363.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 74.49 Gb Total Space | 33.18 Gb Free Space | 44.54% Space Free | Partition Type: FAT32

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/13 15:29:36 | 003,510,680 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2011/09/30 18:08:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/04 00:28:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Downloads\OTL.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/15 14:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/04/13 10:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
PRC - [2011/03/21 20:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
PRC - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe


========== Modules (SafeList) ==========

MOD - [2011/10/13 15:29:44 | 000,974,744 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\xfire_toucan_44598.dll
MOD - [2011/08/04 00:28:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Downloads\OTL.exe
MOD - [2011/05/15 14:53:34 | 000,064,600 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2003/02/21 17:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/06/17 08:30:54 | 000,094,480 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011/01/12 15:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/20 07:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/03 16:39:25 | 003,904,976 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/17 08:30:50 | 000,154,752 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/21 14:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 14:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 12:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/30 23:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/09/08 10:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2010/05/05 20:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 20:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 20:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 20:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 20:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 20:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/05/05 20:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/07/23 13:03:10 | 000,052,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/02 08:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV - [2011/07/16 15:01:56 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/01/03 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/120
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.facebook.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/09 16:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 18:08:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/15 18:17:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/07/12 01:02:37 | 000,000,000 | ---D | M]

[2011/07/25 22:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2011/07/25 22:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/05 19:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\uqta9xkt.default\extensions
[2011/08/29 19:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/29 19:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UQTA9XKT.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UQTA9XKT.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UQTA9XKT.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UQTA9XKT.DEFAULT\EXTENSIONS\[email protected]
[2011/09/30 18:08:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/29 19:16:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/07 00:03:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/07/13 08:30:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 00:34:25 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{1A564DB5-94F2-4145-8625-914B59D5DCB3}
[2011/11/07 00:34:13 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{19E4D540-1D76-416C-89EA-4C4EF7C3320E}
[2011/11/07 00:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/11/07 00:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/11/07 00:08:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/06 23:57:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/06 23:57:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/06 23:57:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/06 23:57:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/06 12:33:43 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D0BCA247-6A51-4383-A07A-01F0B91ECF78}
[2011/11/06 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{2F5948FB-40CB-451E-BB96-D16A07816FAB}
[2011/11/05 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{16442631-E782-42A8-8B3C-4244F4A6B058}
[2011/11/05 00:36:42 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{6B0522B6-D201-45D5-975E-406D01540F04}
[2011/11/04 12:36:17 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{ABB29785-7CBA-4609-B188-10B2B39EF9BE}
[2011/11/04 12:36:04 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{1FAFFA2E-E059-4227-825E-7867ABACB3A0}
[2011/11/04 00:29:02 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D1D5C1C5-B091-45AE-9569-27FB1A432FA3}
[2011/11/04 00:28:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{A23E2E08-BE2A-4ABE-A567-52C3D6CE6670}
[2011/11/03 12:28:24 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D2727A8F-2602-4402-AC57-D6A0260B5ADC}
[2011/11/03 12:28:12 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{2D72F49C-F3A8-4516-8F16-5364F811E438}
[2011/11/03 00:27:46 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{BFABE912-A465-41C0-9346-9009069A1B0A}
[2011/11/03 00:27:35 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{94A76434-4A6B-4638-9BE7-376D064CC158}
[2011/11/03 00:20:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/11/02 12:22:59 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{33DBBEF3-F7CF-4A91-8251-A45C1CF7E852}
[2011/11/02 01:24:29 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/11/02 01:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/11/02 00:22:32 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{8D327052-77AC-4B5B-8F34-F05EDD4496A0}
[2011/11/01 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{25DB02E9-E6A8-4D90-ABB9-BC8F17FEBA05}
[2011/11/01 12:21:56 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{7B634EC1-CF0F-4ECA-9157-F019F6FA783C}
[2011/11/01 00:21:27 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{7A088528-0B4B-42F1-B1A1-0BE2526BC8BF}
[2011/11/01 00:21:15 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{64EDDD2D-B480-4138-ADD3-5BE5AB1A847A}
[2011/10/31 12:20:45 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{1FB64C4E-CC11-479F-AF17-074341CE5E44}
[2011/10/31 00:20:19 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{C0047D92-E8F1-4D7B-8861-42FB94070F4E}
[2011/10/30 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{34847224-BDB1-41C3-9135-BE546F12BD30}
[2011/10/30 00:19:26 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{4F6C2D0D-6874-41A1-A779-0995884C46BA}
[2011/10/29 12:18:46 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{4C6AAEC4-E484-4CAF-B260-5249195D47E7}
[2011/10/29 00:18:01 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{E367F20A-1552-4925-AA24-F5D65EA0E5B8}
[2011/10/28 12:17:33 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{DAE93CB7-B3F8-494F-8EA4-99ACF2675E60}
[2011/10/28 12:17:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{442F2993-8F1E-4B41-8B82-BC1B84C06BE3}
[2011/10/28 00:11:27 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{B3383077-8BE0-4651-8406-54C7C6A92D35}
[2011/10/27 12:11:02 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{B2347DCF-A76A-44E6-A02A-817B15574D2E}
[2011/10/27 00:10:32 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{C6F45DD0-29ED-454D-889D-B8BA03801282}
[2011/10/26 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{A7F51CFD-64D5-453C-A5DB-1428D53DD3D2}
[2011/10/26 12:09:44 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{7C5DECBD-A92F-478A-9EC0-ABBCD85C865B}
[2011/10/25 16:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/10/25 16:54:59 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/25 16:54:59 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/25 12:29:01 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{16E979BE-D788-4215-8B4F-5EC483D982C0}
[2011/10/25 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{C81A7915-147B-4212-8115-375D0CDA0DA6}
[2011/10/25 00:28:29 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{E1D30C94-D330-4D6C-B729-42CE03009BF9}
[2011/10/25 00:28:15 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{4A373C32-4983-4D92-990A-66DC8A9EB0F5}
[2011/10/24 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{01DADF65-94F4-4E72-AB70-5EECD3E9748C}
[2011/10/24 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{1394EA28-DAB9-4D71-91D3-C3F39D94C47F}
[2011/10/24 00:27:36 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D28A5E3F-D92E-470E-9327-C22190A0EE5D}
[2011/10/24 00:27:25 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{E27C336E-9C04-44DD-8EA4-FA77BBD39A76}
[2011/10/23 12:27:10 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{E0733155-27DF-40A3-B002-BFBE7C7526BB}
[2011/10/23 12:26:58 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{4FB64E3C-9737-4500-968B-83ADFFAF1BD3}
[2011/10/23 00:26:45 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D3B04508-E615-4180-B170-736C052C7380}
[2011/10/23 00:26:33 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{A10F5203-0EDD-42D7-81D5-F10243177175}
[2011/10/22 12:26:19 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{2BDDD059-A9F2-402E-ADB7-5D90B7CCA932}
[2011/10/22 12:26:06 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{B48850F8-3972-4EB6-BA75-0D246B52CB7C}
[2011/10/22 00:25:52 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{336648D7-A3C8-440F-912E-C7F1817D2599}
[2011/10/22 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{88B9F21F-03CC-410A-8BAA-2FC56C08B250}
[2011/10/21 12:25:05 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{0110DAAF-0A5F-43CD-9C0C-89F5565B70BB}
[2011/10/21 12:24:53 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{10E60A76-A475-439F-BB88-FA07988E0C77}
[2011/10/20 14:10:55 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{51404595-5F5E-46ED-8CB7-31507504401E}
[2011/10/20 14:10:39 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{C7CAECA2-D447-4069-BECD-1B5FC716284A}
[2011/10/19 14:21:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{20FE8CE2-CEB2-45FE-BE82-834B79677F6F}
[2011/10/19 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{43774975-2096-42B9-AE04-11D9155D3C18}
[2011/10/19 02:00:39 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{495D287B-F309-42D4-AFAA-13E203405EBE}
[2011/10/18 14:00:26 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{98D898D4-0367-43A3-91DD-1C1718914307}
[2011/10/18 14:00:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{5BC8E7E0-0BB0-4F8F-A0E5-68AB2FEEE06B}
[2011/10/18 02:00:00 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{0354AC18-089F-4DEB-8EEB-30C3F4D18064}
[2011/10/18 01:59:48 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{2FBA1B81-3EB9-4F36-8EE9-00B056C0E651}
[2011/10/17 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D259A527-CA81-403E-BA12-925FC641A540}
[2011/10/17 13:59:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{285791C6-E105-48FE-A726-F319AB1AE759}
[2011/10/17 01:59:03 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{67B24753-067A-43AE-BF51-D597D9168115}
[2011/10/17 01:58:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{B7F85C1C-823A-42EE-A039-2ADC299D7AF8}
[2011/10/16 13:58:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{9EC18236-A555-4AAA-8433-70E8A7924088}
[2011/10/16 13:58:26 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{22BBBD04-17D2-4180-8869-36F2E0FF5CA3}
[2011/10/16 01:58:11 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{95CD281D-675B-42B8-BC94-B1384CD5BC01}
[2011/10/16 01:57:59 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{E97A3D52-AB69-461A-AFCB-DE72A18B598D}
[2011/10/15 18:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/10/15 18:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/10/15 18:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/10/15 18:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011/10/15 18:15:34 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Real
[2011/10/15 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{57D18DDB-CA1D-4BC2-B5D0-6C4CA35E5D96}
[2011/10/15 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{6FBEA8A8-8A99-477B-BC38-2F70D75E73D7}
[2011/10/15 01:57:20 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{A9B1B084-DBB8-4B7E-9CC3-3EB507D3C47D}
[2011/10/15 01:57:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{00A77E63-DD02-4370-AF81-88E7A9917580}
[2011/10/14 13:45:16 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{103D89CA-FCCB-4652-8039-90A26A54029B}
[2011/10/14 13:44:58 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{6C0223D4-5DFF-4B8A-A92B-1A693BC5FA2B}
[2011/10/13 23:56:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\FileZilla
[2011/10/13 23:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/10/13 23:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/10/13 12:09:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{AC787982-78A4-4235-989E-EB7FFE68DEEA}
[2011/10/13 12:09:00 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{6FA0A8EA-E787-4410-BAA4-056A20C8F050}
[2011/10/13 00:08:42 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{15B0C459-DA8A-4DEA-98AF-C668E1E6F656}
[2011/10/13 00:08:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{868CC012-203F-487F-96EB-AD20172F2E97}
[2011/10/12 13:58:45 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pure Faction 3.0
[2011/10/12 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/10/12 13:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Faction
[2011/10/12 13:44:02 | 000,000,000 | ---D | C] -- C:\games
[2011/10/12 12:07:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{6137A2BB-0B75-4E28-BCDA-F5EF3515CCDE}
[2011/10/12 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{478DC445-18EA-4F7B-953B-01CF5669DCE2}
[2011/10/11 14:40:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{3E7F0CFC-137A-444D-B8B7-589EEF24CB7B}
[2011/10/11 14:39:54 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{B508F4BC-E217-4787-B14D-6F3C244F96A7}
[2011/10/11 02:39:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{AD6972D8-0446-4409-A129-186B4F89089A}
[2011/10/11 02:39:09 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{A8D58C7F-EF06-419A-9BB6-03298D599552}
[2011/10/10 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{78712F8D-FB77-4E4A-8F6C-729B347602E6}
[2011/10/10 14:38:39 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{7B1D4505-BFD3-4B9C-B18F-1458C571285E}
[2011/10/09 16:21:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\DivX
[2011/10/09 16:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/10/09 12:58:07 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{AA315773-D4A6-47F9-B87A-22C1277328FE}
[2011/10/09 12:57:55 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{784354E9-D946-4D51-9269-700C24BBCBD3}
[2011/10/09 00:57:40 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{F0D36E19-8209-4290-A61B-240840F13F0B}
[2011/10/09 00:57:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{47161156-C5A4-4C0D-9486-EA6F502D3756}
[2011/10/08 12:56:54 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{C0059372-43A0-4E21-8755-DF565BA810D4}
[2011/10/08 12:56:42 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{79D505C3-2DC3-449B-826B-EDE205898112}
[2011/10/08 00:56:26 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{1A3F5EA3-7ADB-4F4C-A720-6078B33A77C6}
[2011/10/08 00:56:12 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{90483757-976D-4553-84F5-C00D2A60EFAF}
[2010/05/05 18:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/05/05 18:38:18 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 00:10:50 | 000,025,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 00:10:50 | 000,025,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 00:08:28 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/07 00:08:28 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/07 00:08:28 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/07 00:03:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/07 00:03:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 00:03:09 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/05 21:33:31 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2011/11/05 21:33:31 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2011/11/05 21:33:31 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2011/11/04 16:24:03 | 000,052,416 | ---- | M] () -- C:\Users\Joe\Documents\excellent.jpg
[2011/10/25 16:58:05 | 000,001,822 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/10/25 16:10:56 | 000,218,633 | ---- | M] () -- C:\Users\Joe\Documents\rappelz_screen00000027.JPG
[2011/10/25 14:53:42 | 000,020,630 | ---- | M] () -- C:\Users\Joe\Documents\307674_1912254220985_1680798083_1355435_738076865_n.jpg
[2011/10/23 10:42:30 | 000,017,675 | ---- | M] () -- C:\Users\Joe\Documents\JAJA.jpg
[2011/10/21 16:20:04 | 000,013,188 | ---- | M] () -- C:\Users\Joe\Documents\rappelz_screen00000023.jpg
[2011/10/18 14:22:45 | 000,082,795 | ---- | M] () -- C:\Users\Joe\Documents\dinoabort.png
[2011/10/18 14:22:22 | 000,063,541 | ---- | M] () -- C:\Users\Joe\Documents\boobhang.jpg
[2011/10/18 14:21:54 | 000,043,437 | ---- | M] () -- C:\Users\Joe\Documents\milk.jpg
[2011/10/16 23:47:18 | 000,253,013 | ---- | M] () -- C:\Users\Joe\Documents\rappelz_screen00000019.JPG
[2011/10/16 23:47:13 | 000,247,064 | ---- | M] () -- C:\Users\Joe\Documents\rappelz_screen00000017.JPG
[2011/10/16 13:01:33 | 000,024,139 | ---- | M] () -- C:\Users\Joe\Documents\Occupy.jpg
[2011/10/15 18:17:00 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/10/15 18:16:16 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/10/15 03:53:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/15 03:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/15 03:53:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/14 23:54:52 | 000,321,856 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/13 15:29:40 | 000,042,392 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/10/13 15:29:40 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2011/10/12 16:23:31 | 021,073,936 | ---- | M] () -- C:\Users\Joe\Documents\vlc-1.1.11-win32.exe
[2011/10/12 13:58:45 | 000,000,772 | ---- | M] () -- C:\Users\Joe\Desktop\Pure Faction Launcher.lnk
[2011/10/12 12:06:18 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 23:57:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/06 23:57:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/06 23:57:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/06 23:57:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/06 23:57:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/04 16:23:57 | 000,052,416 | ---- | C] () -- C:\Users\Joe\Documents\excellent.jpg
[2011/11/03 00:22:33 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/10/25 16:10:38 | 000,218,633 | ---- | C] () -- C:\Users\Joe\Documents\rappelz_screen00000027.JPG
[2011/10/25 14:53:38 | 000,020,630 | ---- | C] () -- C:\Users\Joe\Documents\307674_1912254220985_1680798083_1355435_738076865_n.jpg
[2011/10/23 10:42:29 | 000,017,675 | ---- | C] () -- C:\Users\Joe\Documents\JAJA.jpg
[2011/10/21 16:20:02 | 000,013,188 | ---- | C] () -- C:\Users\Joe\Documents\rappelz_screen00000023.jpg
[2011/10/18 14:22:44 | 000,082,795 | ---- | C] () -- C:\Users\Joe\Documents\dinoabort.png
[2011/10/18 14:22:20 | 000,063,541 | ---- | C] () -- C:\Users\Joe\Documents\boobhang.jpg
[2011/10/18 14:21:53 | 000,043,437 | ---- | C] () -- C:\Users\Joe\Documents\milk.jpg
[2011/10/16 23:47:14 | 000,253,013 | ---- | C] () -- C:\Users\Joe\Documents\rappelz_screen00000019.JPG
[2011/10/16 23:47:08 | 000,247,064 | ---- | C] () -- C:\Users\Joe\Documents\rappelz_screen00000017.JPG
[2011/10/16 13:01:28 | 000,024,139 | ---- | C] () -- C:\Users\Joe\Documents\Occupy.jpg
[2011/10/15 18:17:00 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/13 15:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/10/13 15:29:40 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2011/10/12 14:07:52 | 000,000,772 | ---- | C] () -- C:\Users\Joe\Desktop\Pure Faction Launcher.lnk
[2011/09/13 22:05:50 | 000,709,968 | ---- | C] () -- C:\Windows\is-1HS8O.exe
[2011/08/27 19:08:59 | 000,001,822 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/07/25 20:48:01 | 000,002,329 | -HS- | C] () -- C:\Windows\conta32.exe
[2011/07/25 20:44:02 | 000,002,329 | -HS- | C] () -- C:\Windows\bgscan.exe
[2011/07/25 20:40:01 | 000,002,329 | -HS- | C] () -- C:\Windows\conappssvc.exe
[2011/07/25 20:36:08 | 000,002,329 | -HS- | C] () -- C:\Windows\configser.exe
[2011/07/16 15:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011/07/16 14:54:42 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011/07/12 11:34:31 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/07/12 10:30:35 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/07/12 10:30:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/05 19:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 19:37:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/05/05 18:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2010/05/05 18:46:30 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/05/05 18:46:30 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/05/05 18:38:22 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/06 12:47:08 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/13 23:58:19 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\FileZilla
[2011/07/12 00:25:37 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\KeePass
[2011/08/05 21:18:03 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Razer
[2011/07/26 23:17:12 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Replay Media Catcher 4
[2011/07/16 15:03:02 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Samsung
[2011/11/07 00:43:33 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\uTorrent
[2011/09/06 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Vso
[2011/08/15 21:28:33 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\WinPatrol
[2011/11/06 12:32:03 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Joe Washburn and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2011/11/06 12:33:43 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D0BCA247-6A51-4383-A07A-01F0B91ECF78}
    [2011/11/06 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{2F5948FB-40CB-451E-BB96-D16A07816FAB}
    [2011/11/05 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{16442631-E782-42A8-8B3C-4244F4A6B058}
    [2011/11/05 00:36:42 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{6B0522B6-D201-45D5-975E-406D01540F04}
    [2011/11/04 12:36:17 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{ABB29785-7CBA-4609-B188-10B2B39EF9BE}
    [2011/11/04 12:36:04 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{1FAFFA2E-E059-4227-825E-7867ABACB3A0}
    [2011/11/04 00:29:02 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D1D5C1C5-B091-45AE-9569-27FB1A432FA3}
    [2011/11/04 00:28:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{A23E2E08-BE2A-4ABE-A567-52C3D6CE6670}
    [2011/11/03 12:28:24 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D2727A8F-2602-4402-AC57-D6A0260B5ADC}
    [2011/11/03 12:28:12 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{2D72F49C-F3A8-4516-8F16-5364F811E438}
    [2011/11/03 00:27:46 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{BFABE912-A465-41C0-9346-9009069A1B0A}
    [2011/11/03 00:27:35 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{94A76434-4A6B-4638-9BE7-376D064CC158}
    [2011/11/02 12:22:59 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{33DBBEF3-F7CF-4A91-8251-A45C1CF7E852}
    [2011/11/02 00:22:32 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{8D327052-77AC-4B5B-8F34-F05EDD4496A0}
    [2011/11/01 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{25DB02E9-E6A8-4D90-ABB9-BC8F17FEBA05}
    [2011/11/01 12:21:56 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{7B634EC1-CF0F-4ECA-9157-F019F6FA783C}
    [2011/11/01 00:21:27 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{7A088528-0B4B-42F1-B1A1-0BE2526BC8BF}
    [2011/11/01 00:21:15 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{64EDDD2D-B480-4138-ADD3-5BE5AB1A847A}
    [2011/10/31 12:20:45 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{1FB64C4E-CC11-479F-AF17-074341CE5E44}
    [2011/10/31 00:20:19 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{C0047D92-E8F1-4D7B-8861-42FB94070F4E}
    [2011/10/30 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{34847224-BDB1-41C3-9135-BE546F12BD30}
    [2011/10/30 00:19:26 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{4F6C2D0D-6874-41A1-A779-0995884C46BA}
    [2011/10/29 12:18:46 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{4C6AAEC4-E484-4CAF-B260-5249195D47E7}
    [2011/10/29 00:18:01 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{E367F20A-1552-4925-AA24-F5D65EA0E5B8}
    [2011/10/28 12:17:33 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{DAE93CB7-B3F8-494F-8EA4-99ACF2675E60}
    [2011/10/28 12:17:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{442F2993-8F1E-4B41-8B82-BC1B84C06BE3}
    [2011/10/28 00:11:27 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{B3383077-8BE0-4651-8406-54C7C6A92D35}
    [2011/10/27 12:11:02 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{B2347DCF-A76A-44E6-A02A-817B15574D2E}
    [2011/10/27 00:10:32 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{C6F45DD0-29ED-454D-889D-B8BA03801282}
    [2011/10/26 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{A7F51CFD-64D5-453C-A5DB-1428D53DD3D2}
    [2011/10/26 12:09:44 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{7C5DECBD-A92F-478A-9EC0-ABBCD85C865B}
    [2011/10/25 12:29:01 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{16E979BE-D788-4215-8B4F-5EC483D982C0}
    [2011/10/25 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{C81A7915-147B-4212-8115-375D0CDA0DA6}
    [2011/10/25 00:28:29 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{E1D30C94-D330-4D6C-B729-42CE03009BF9}
    [2011/10/25 00:28:15 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{4A373C32-4983-4D92-990A-66DC8A9EB0F5}
    [2011/10/24 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{01DADF65-94F4-4E72-AB70-5EECD3E9748C}
    [2011/10/24 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{1394EA28-DAB9-4D71-91D3-C3F39D94C47F}
    [2011/10/24 00:27:36 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D28A5E3F-D92E-470E-9327-C22190A0EE5D}
    [2011/10/24 00:27:25 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{E27C336E-9C04-44DD-8EA4-FA77BBD39A76}
    [2011/10/23 12:27:10 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{E0733155-27DF-40A3-B002-BFBE7C7526BB}
    [2011/10/23 12:26:58 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{4FB64E3C-9737-4500-968B-83ADFFAF1BD3}
    [2011/10/23 00:26:45 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D3B04508-E615-4180-B170-736C052C7380}
    [2011/10/23 00:26:33 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{A10F5203-0EDD-42D7-81D5-F10243177175}
    [2011/10/22 12:26:19 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{2BDDD059-A9F2-402E-ADB7-5D90B7CCA932}
    [2011/10/22 12:26:06 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{B48850F8-3972-4EB6-BA75-0D246B52CB7C}
    [2011/10/22 00:25:52 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{336648D7-A3C8-440F-912E-C7F1817D2599}
    [2011/10/22 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{88B9F21F-03CC-410A-8BAA-2FC56C08B250}
    [2011/10/21 12:25:05 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{0110DAAF-0A5F-43CD-9C0C-89F5565B70BB}
    [2011/10/21 12:24:53 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{10E60A76-A475-439F-BB88-FA07988E0C77}
    [2011/10/20 14:10:55 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{51404595-5F5E-46ED-8CB7-31507504401E}
    [2011/10/20 14:10:39 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{C7CAECA2-D447-4069-BECD-1B5FC716284A}
    [2011/10/19 14:21:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{20FE8CE2-CEB2-45FE-BE82-834B79677F6F}
    [2011/10/19 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{43774975-2096-42B9-AE04-11D9155D3C18}
    [2011/10/19 02:00:39 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{495D287B-F309-42D4-AFAA-13E203405EBE}
    [2011/10/18 14:00:26 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{98D898D4-0367-43A3-91DD-1C1718914307}
    [2011/10/18 14:00:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{5BC8E7E0-0BB0-4F8F-A0E5-68AB2FEEE06B}
    [2011/10/18 02:00:00 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{0354AC18-089F-4DEB-8EEB-30C3F4D18064}
    [2011/10/18 01:59:48 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{2FBA1B81-3EB9-4F36-8EE9-00B056C0E651}
    [2011/10/17 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{D259A527-CA81-403E-BA12-925FC641A540}
    [2011/10/17 13:59:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{285791C6-E105-48FE-A726-F319AB1AE759}
    [2011/10/17 01:59:03 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{67B24753-067A-43AE-BF51-D597D9168115}
    [2011/10/17 01:58:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{B7F85C1C-823A-42EE-A039-2ADC299D7AF8}
    [2011/10/16 13:58:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{9EC18236-A555-4AAA-8433-70E8A7924088}
    [2011/10/16 13:58:26 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{22BBBD04-17D2-4180-8869-36F2E0FF5CA3}
    [2011/10/16 01:58:11 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{95CD281D-675B-42B8-BC94-B1384CD5BC01}
    [2011/10/16 01:57:59 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{E97A3D52-AB69-461A-AFCB-DE72A18B598D}
    [2011/10/15 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{57D18DDB-CA1D-4BC2-B5D0-6C4CA35E5D96}
    [2011/10/15 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{6FBEA8A8-8A99-477B-BC38-2F70D75E73D7}
    [2011/10/15 01:57:20 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{A9B1B084-DBB8-4B7E-9CC3-3EB507D3C47D}
    [2011/10/15 01:57:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{00A77E63-DD02-4370-AF81-88E7A9917580}
    [2011/10/14 13:45:16 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{103D89CA-FCCB-4652-8039-90A26A54029B}
    [2011/10/14 13:44:58 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{6C0223D4-5DFF-4B8A-A92B-1A693BC5FA2B}
    [2011/10/13 12:09:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{AC787982-78A4-4235-989E-EB7FFE68DEEA}
    [2011/10/13 12:09:00 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{6FA0A8EA-E787-4410-BAA4-056A20C8F050}
    [2011/10/13 00:08:42 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{15B0C459-DA8A-4DEA-98AF-C668E1E6F656}
    [2011/10/13 00:08:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{868CC012-203F-487F-96EB-AD20172F2E97}
    [2011/10/12 12:07:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{6137A2BB-0B75-4E28-BCDA-F5EF3515CCDE}
    [2011/10/12 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{478DC445-18EA-4F7B-953B-01CF5669DCE2}
    [2011/10/11 14:40:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{3E7F0CFC-137A-444D-B8B7-589EEF24CB7B}
    [2011/10/11 14:39:54 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{B508F4BC-E217-4787-B14D-6F3C244F96A7}
    [2011/10/11 02:39:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{AD6972D8-0446-4409-A129-186B4F89089A}
    [2011/10/11 02:39:09 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{A8D58C7F-EF06-419A-9BB6-03298D599552}
    [2011/10/10 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{78712F8D-FB77-4E4A-8F6C-729B347602E6}
    [2011/10/10 14:38:39 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{7B1D4505-BFD3-4B9C-B18F-1458C571285E}
    [2011/10/09 12:58:07 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{AA315773-D4A6-47F9-B87A-22C1277328FE}
    [2011/10/09 12:57:55 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{784354E9-D946-4D51-9269-700C24BBCBD3}
    [2011/10/09 00:57:40 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{F0D36E19-8209-4290-A61B-240840F13F0B}
    [2011/10/09 00:57:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{47161156-C5A4-4C0D-9486-EA6F502D3756}
    [2011/10/08 12:56:54 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{C0059372-43A0-4E21-8755-DF565BA810D4}
    [2011/10/08 12:56:42 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{79D505C3-2DC3-449B-826B-EDE205898112}
    [2011/10/08 00:56:26 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{1A3F5EA3-7ADB-4F4C-A720-6078B33A77C6}
    [2011/10/08 00:56:12 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\{90483757-976D-4553-84F5-C00D2A60EFAF}

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post

#3
Joe Washburn

    Member

  • Topic Starter
  • Member
  • 17 posts
OTL:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Joe\AppData\Local\{D0BCA247-6A51-4383-A07A-01F0B91ECF78} folder moved successfully.
C:\Users\Joe\AppData\Local\{2F5948FB-40CB-451E-BB96-D16A07816FAB} folder moved successfully.
C:\Users\Joe\AppData\Local\{16442631-E782-42A8-8B3C-4244F4A6B058} folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 11212011_044129

#4
Joe Washburn

    Member

  • Topic Starter
  • Member
  • 17 posts
ComboFix:
ComboFix 11-11-20.02 - Joe 11/21/2011 4:47.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2622 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 09:52 . 2011-11-21 09:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-21 09:52 . 2011-11-21 09:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 09:52 . 2011-11-21 09:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-21 09:41 . 2011-11-21 09:41 -------- d-----w- C:\_OTL
2011-11-20 22:22 . 2011-11-21 01:39 -------- d-----w- c:\users\Joe\AppData\Roaming\TS3Client
2011-11-20 22:20 . 2011-11-20 22:20 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-11-20 21:47 . 2011-11-20 21:47 -------- d-----w- c:\program files\Sandboxie
2011-11-20 20:36 . 2011-11-20 20:36 -------- d-----w- c:\programdata\Apple Computer
2011-11-20 00:02 . 2011-11-20 00:02 -------- d-----w- c:\windows\PCHEALTH
2011-11-19 23:54 . 2011-11-19 23:54 -------- d-----w- c:\program files\CCleaner
2011-11-18 20:43 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5CACAE4C-334E-48C8-A056-56434072846E}\mpengine.dll
2011-11-15 08:34 . 2011-11-15 08:34 -------- d-----w- c:\users\Joe\AppData\Local\DDMSettings
2011-11-10 21:26 . 2011-11-10 21:31 -------- d-----w- c:\users\Joe\AppData\Roaming\Atanium
2011-11-10 21:26 . 2011-11-10 21:26 -------- d-----w- c:\program files (x86)\Atanium
2011-11-09 05:30 . 2011-11-09 05:30 -------- d-----w- c:\program files (x86)\uTorrent
2011-11-09 05:30 . 2011-11-09 05:30 -------- d-----w- c:\users\Joe\AppData\Local\uTorrent
2011-11-08 20:58 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 20:58 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 20:58 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:58 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 05:18 . 2011-11-07 05:18 -------- d-----w- c:\programdata\InstallMate
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 00:02 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-15 23:16 . 2011-10-15 23:16 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-15 08:53 . 2011-08-10 01:42 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-08-10 01:42 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-07-12 06:15 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-07-12 06:15 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-07-12 06:15 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-07-12 06:15 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-07-12 06:15 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-07-12 06:15 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-05-21 10:01 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-05-21 10:01 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2009-07-13 21:59 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 04:54 . 2011-10-15 04:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-10-13 20:29 . 2011-10-13 20:29 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2011-09-14 03:05 . 2011-09-14 03:05 709968 ----a-w- c:\windows\is-1HS8O.exe
2011-09-13 23:37 . 2011-09-13 23:37 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-13 23:37 . 2011-09-13 23:37 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-13 23:37 . 2011-09-13 23:37 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-13 23:37 . 2011-09-13 23:37 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-13 23:37 . 2011-09-13 23:37 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-13 23:37 . 2011-09-13 23:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-13 23:37 . 2011-09-13 23:37 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-13 23:37 . 2011-09-13 23:37 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-13 23:37 . 2011-09-13 23:37 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-13 23:37 . 2011-09-13 23:37 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-13 23:37 . 2011-09-13 23:37 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-13 23:37 . 2011-09-13 23:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-13 23:37 . 2011-09-13 23:37 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-13 23:37 . 2011-09-13 23:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-13 23:37 . 2011-09-13 23:37 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-13 23:37 . 2011-09-13 23:37 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-13 23:37 . 2011-09-13 23:37 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-13 23:37 . 2011-09-13 23:37 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-13 23:37 . 2011-09-13 23:37 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-13 23:37 . 2011-09-13 23:37 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-13 23:37 . 2011-09-13 23:37 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-13 23:37 . 2011-09-13 23:37 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-13 23:37 . 2011-09-13 23:37 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-13 23:37 . 2011-09-13 23:37 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-13 23:37 . 2011-09-13 23:37 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-13 23:37 . 2011-09-13 23:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-13 23:37 . 2011-09-13 23:37 448512 ----a-w- c:\windows\system32\html.iec
2011-09-13 23:37 . 2011-09-13 23:37 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-13 23:37 . 2011-09-13 23:37 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-13 23:37 . 2011-09-13 23:37 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-13 23:37 . 2011-09-13 23:37 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-13 23:37 . 2011-09-13 23:37 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-13 23:37 . 2011-09-13 23:37 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-13 23:37 . 2011-09-13 23:37 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-13 23:37 . 2011-09-13 23:37 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-13 23:37 . 2011-09-13 23:37 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-01 05:24 . 2011-10-12 06:18 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 06:18 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 06:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 06:18 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 06:18 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 06:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 21:00 . 2011-08-02 01:55 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 00:16 . 2011-07-26 03:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-28 18:47 . 2011-07-12 04:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-27 05:37 . 2011-10-11 22:15 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-11 22:15 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-11 22:15 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-11 22:15 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-07-03 01:34 59839 --sh--w- c:\windows\dtmn.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-12 3077528]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-07-29 17361032]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 643856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-10-13 3510680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\uqta9xkt.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2285024040-213415152-105909097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2011-11-21 04:57:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 09:57
ComboFix2.txt 2011-11-07 05:08
.
Pre-Run: 359,104,081,920 bytes free
Post-Run: 360,264,024,064 bytes free
.
- - End Of File - - 09F0B8063A767AA32C61FC782FE46522


Thank you maliprog for helping

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice. Let's do these two scans.

Step 1

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post


Step 2

Please update your Malwarebytes and do a Quick Scan. Post the log after the scan here for me.


Step 3

Please don't forget to include these items in your reply:


  • VRT log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post

#6
Joe Washburn

    Member

  • Topic Starter
  • Member
  • 17 posts
Kaspersky: Status: Deleted (events: 1)
11/22/2011 3:24:27 PM Deleted Trojan program Trojan-Downloader.WMA.Wimad.x D:\Files\9-10-10\Music\Saved\qba libre & m1 – god [bleep].wma High


Malwarebytes':

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8220

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/22/2011 3:38:14 PM
mbam-log-2011-11-22 (15-38-14).txt

Scan type: Quick scan
Objects scanned: 191469
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Joe Washburn,

I don't see any sign of infection now.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.