
Help with bprotect.exe malware [Solved]



#1
icikle

Member

Hi,

I also posted in the Windows 7 forums regarding a Userinit application error I've been getting. I did mention there that I had no malware, but since then I've managed to find some. I am enclosing an HJT log file for your perusal, but I would be very grateful if you could provide some assistance as I can't seem to get rid of it myself. Thanks a bundle.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:55:24, on 21/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\bProtector\bProtect.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=14196
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files\file2linkib\file2linkibX.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files\file2linkib\file2linkibX.dll (file missing)
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6595905-E595-4BF5-AA22-B6ED642245EC}: NameServer = 213.120.234.6,217.32.171.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6595905-E595-4BF5-AA22-B6ED642245EC}: NameServer = 213.120.234.6,217.32.171.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6595905-E595-4BF5-AA22-B6ED642245EC}: NameServer = 213.120.234.6,217.32.171.22
O20 - AppInit_DLLs: protector.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: bProtector - bProtector - C:\ProgramData\bProtector\bProtect.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5471 bytes

#2
icikle

Member

bump....sorry

#3
icikle

Member

bump, sigh, posted in waiting room 2 days ago..

#4
Essexboy

GeekU Moderator

Hi there, I will need a proper look at your system first, as HijackThis does not look deep enough.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


#5
icikle

Member

Thank you for your assistance, all attached as requested.

Thanks.

Edited by icikle, 27 December 2011 - 04:18 PM.


#6
Essexboy

GeekU Moderator

On completion of this run, can you let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (bProtector)
    [2011/12/20 14:53:00 | 000,002,409 | ---- | M] () -- C:\Users\Icikle\AppData\Roaming\Mozilla\Firefox\Profiles\mxws1nhw.default\searchplugins\SearchTheWeb.xml
    O20 - AppInit_DLLs: (protector.dll) -C:\Windows\System32\protector.dll ()
    [2011/12/19 22:20:41 | 000,748,544 | ---- | C] () -- C:\Windows\System32\protector.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
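
Added example (not part of the original thread, and not code from HijackThis or OTL): the two items the fix above removes, the bProtector service and the protector.dll AppInit_DLLs value, were already visible in the HijackThis log from post #1. The Python sketch below triages HijackThis lines for those patterns; the sample lines are copied from that log, and the "service binary under a data directory" rule and the names `check_line` and `triage` are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: six lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files\file2linkib\file2linkibX.dll (file missing)
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O20 - AppInit_DLLs: protector.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: bProtector - bProtector - C:\ProgramData\bProtector\bProtect.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""


class Finding(NamedTuple):
    severity: str  # "high" = investigate first, "cleanup" = orphaned entry
    section: str   # HijackThis section code, e.g. "O20"
    reason: str
    line: str


# Every HijackThis entry has the shape "<section code> - <body>".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")

# Assumption (heuristic of this example): service binaries normally live
# under Program Files or Windows, not in directories meant for data.
DATA_ROOTS = ("c:\\programdata\\", "c:\\users\\")


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule matches."""
    line = line.strip()
    m = ENTRY.match(line)
    if m is None:
        return None
    section, body = m.group("section"), m.group("body")

    # O20: a non-empty AppInit_DLLs value names DLLs that Windows maps
    # into processes that load user32.dll.
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:
            return Finding("high", section,
                           f"AppInit_DLLs is set to '{value}'", line)

    # O23: "Service: <name> - <company> - <path>". Split from the right,
    # because a service display name may itself contain " - ".
    if section == "O23" and body.startswith("Service:"):
        fields = body[len("Service:"):].strip().rsplit(" - ", 2)
        if len(fields) == 3 and fields[2].lower().startswith(DATA_ROOTS):
            return Finding("high", section,
                           f"service '{fields[0]}' runs from a data "
                           f"directory: {fields[2]}", line)

    # Any section: HijackThis marks entries whose target file is gone.
    if body.endswith("(file missing)"):
        return Finding("cleanup", section,
                       "entry points at a file that no longer exists", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run check_line over a whole log and keep the hits, in log order."""
    hits = (check_line(raw) for raw in log_text.splitlines())
    return [f for f in hits if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}")
```
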

#7
icikle

Member

Hi, done and logs attached.

I did get a task scheduler engine stopped working error when I logged back in to Windows, not sure if that's malware, but I've tried a Windows 7 startup repair and that finds no errors either.

OTL logfile created on: 27/12/2011 22:39:21 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Icikle\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 76.47% Memory free
6.49 Gb Paging File | 5.67 Gb Available in Paging File | 87.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 731.25 Gb Free Space | 78.51% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.16 Mb Free Space | 70.17% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRS | User Name: Icikle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 21:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Icikle\Desktop\OTL.exe
PRC - [2011/11/28 18:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/10/26 02:01:18 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/26 02:00:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/10/25 21:13:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/08/15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/20 14:53:00 | 000,748,544 | ---- | M] () -- C:\Windows\System32\protector.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/08 14:29:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/26 02:00:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/10/25 21:13:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/18 18:55:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/26 03:03:48 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/26 01:21:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 18:13:10 | 000,117,584 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2011/06/24 05:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011/06/06 22:06:54 | 000,211,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010/01/11 10:02:44 | 001,119,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/08/04 02:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/17 03:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/05/07 20:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/05/06 07:00:38 | 000,012,928 | ---- | M] (ROCCAT Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArvoFltr.sys -- (ArvoFltr)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.goonsearc...R-IB-PDP-INS-HP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.goonsearc...R-IB-PDP-INS-HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=14196
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 74 8B 9E 6B A5 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "google"
FF - prefs.js..browser.search.defaultenginename: "google"
FF - prefs.js..browser.search.order.1: "ask.com"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {cafeefac-0016-0000-0020-abcdeffedcba}:6.0.20
FF - prefs.js..keyword.url: "http://www.google.co...ient&gfns=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Icikle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Icikle\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 00:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/05 13:11:51 | 000,000,000 | ---D | M]

[2010/12/17 21:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icikle\AppData\Roaming\Mozilla\Extensions
[2011/12/20 14:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icikle\AppData\Roaming\Mozilla\Firefox\Profiles\mxws1nhw.default\extensions
[2011/12/20 14:53:00 | 000,002,409 | ---- | M] () -- C:\Users\Icikle\AppData\Roaming\Mozilla\Firefox\Profiles\mxws1nhw.default\searchplugins\SearchTheWeb.xml
[2011/11/10 00:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 00:02:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/18 17:27:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 08:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 08:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 08:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 08:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/12/27 22:36:26 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6595905-E595-4BF5-AA22-B6ED642245EC}: NameServer = 213.120.234.6,217.32.171.22
O20 - AppInit_DLLs: (protector.dll) -C:\Windows\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d977115c-d979-11e0-b6d1-20cf30f0b924}\Shell - "" = AutoRun
O33 - MountPoints2\{d977115c-d979-11e0-b6d1-20cf30f0b924}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e6bc6eed-c610-11e0-afe2-20cf30f0b924}\Shell - "" = AutoRun
O33 - MountPoints2\{e6bc6eed-c610-11e0-afe2-20cf30f0b924}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 22:36:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/27 21:55:11 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Icikle\Desktop\aswMBR.exe
[2011/12/27 21:48:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Icikle\Desktop\OTL.exe
[2011/12/27 12:53:53 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{9B7B5088-54BA-4D8A-9127-CDF2E10AF2CF}
[2011/12/27 12:53:31 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{CB1A2435-ECC2-4833-A963-FD4E3CF7A281}
[2011/12/27 00:53:06 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{61224B6F-C517-458A-9907-D4235221F180}
[2011/12/27 00:52:43 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{7216AF2F-9BC9-4192-93B0-ED507DEDE0D6}
[2011/12/26 12:52:18 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{ED6DD265-62ED-401C-A34D-9F1B8E788E19}
[2011/12/26 12:51:55 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{0E9334BB-4F11-4BE7-9543-E57E6AED839E}
[2011/12/26 00:51:30 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{F29F4AF0-FFAB-4BAF-BBD8-953EF75613A5}
[2011/12/26 00:51:02 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{356EF51C-90A1-4C62-BC29-239D0A2A3887}
[2011/12/25 12:50:50 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{E8E2D4F7-4F09-4AF0-B062-E245C6200C3C}
[2011/12/25 12:50:27 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{046162C4-7457-4541-9315-0BDAF3A8755C}
[2011/12/25 00:50:02 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{2AAD95EF-544D-46A9-87FA-27CC546B9875}
[2011/12/25 00:49:40 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{25AB2F75-18AA-486F-A603-25AD7CD79410}
[2011/12/24 12:49:15 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{AB98897C-47E4-4461-A2D2-2091A79E2160}
[2011/12/24 12:48:53 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{C46B4C05-FEE1-4213-B96C-57C2E22C0F4B}
[2011/12/24 00:48:28 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{580564C8-5851-4C86-9CA9-ECF2AFC7218D}
[2011/12/24 00:48:05 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{49426BC7-F8DF-4235-BC37-A2BBB56B2357}
[2011/12/23 12:47:40 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{D491D8F1-01A8-4BBB-9BD9-0851DA12915B}
[2011/12/23 12:47:18 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{158174EB-36A0-44FC-A78C-C642DC3D8DAE}
[2011/12/23 00:46:53 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{DACF7733-E2D0-4E9F-A128-FD0ACE379F0B}
[2011/12/23 00:46:26 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{29AD0A23-8B83-4289-9C24-F04E7384FCF8}
[2011/12/22 12:46:00 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{84F869A3-2BE3-4103-961D-B00E3078239D}
[2011/12/22 12:45:42 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{48684E85-84CB-4AFD-831E-4CA0AC7DBAFB}
[2011/12/21 17:46:52 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/21 17:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hijackthis
[2011/12/21 16:45:12 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{38BC4412-2D73-4DAA-8E7C-FC118B47009D}
[2011/12/21 16:44:52 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{843D882F-2F7A-4A3D-864D-81B4F732846F}
[2011/12/21 02:50:55 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{3D460422-72D7-4245-878E-C1D32137B2B2}
[2011/12/20 15:53:10 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Roaming\Malwarebytes
[2011/12/20 15:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 15:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/20 15:53:03 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/20 15:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/20 14:50:06 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{21400C18-70A3-4A51-8BA3-ACD62643B8AB}
[2011/12/20 14:49:27 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{8177464B-6A57-4626-B911-AE489355A809}
[2011/12/20 00:32:52 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{5A4A4E8D-8502-4D78-9E1A-BDE06B45CE7C}
[2011/12/20 00:32:30 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{EE59B73B-3A90-41F7-A29A-7B83626845DB}
[2011/12/19 23:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Lives 2007
[2011/12/19 23:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Educational Simulations
[2011/12/19 22:21:00 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Roaming\PerformerSoft
[2011/12/19 22:20:59 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2011/12/19 22:16:51 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2011/12/19 12:32:05 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{9D7E2D3D-D4C6-40A0-8863-21B72577DA76}
[2011/12/19 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{8A8FCE7E-57F4-4D3D-9B53-8E359E5B1A78}
[2011/12/17 08:12:14 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{FC299397-7718-4E43-BCCC-98894FE8A712}
[2011/12/17 08:11:52 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{4E31356A-2955-4E3A-B0F1-6DB6EF76E236}
[2011/12/16 15:46:09 | 000,000,000 | ---D | C] -- C:\Users\Icikle\Documents\My Curse
[2011/12/16 15:45:35 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2011/12/16 15:22:44 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{FED898D6-057B-4488-9321-E8BA5BEC7FAE}
[2011/12/16 15:22:19 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{7FC1ACA5-F9C5-4AA4-877B-DD410AAF3A25}
[2011/12/16 01:51:52 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{ED06FA55-5769-469D-8478-E1A809DAB961}
[2011/12/16 01:51:30 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{B37C640B-F452-4588-B0D1-506FA4431588}
[2011/12/15 15:45:07 | 000,000,000 | ---D | C] -- C:\Users\Icikle\FrostWire
[2011/12/15 15:45:06 | 000,000,000 | ---D | C] -- C:\Users\Icikle\.frostwire5
[2011/12/15 13:51:17 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{25703C0D-074C-405F-92B6-7859A7F73B9D}
[2011/12/15 13:51:05 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{0FC434B5-1FB2-458C-8D6E-96578BB9AAF7}
[2011/12/15 00:38:59 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{4C0AF3C8-3FE0-4AAB-9722-6B49F4F259FC}
[2011/12/15 00:38:37 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{E0343CD4-BC03-4B95-9964-D609B876205E}
[2011/12/14 12:38:11 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{2DD932B4-DC38-4473-983F-DD5F6C8093EA}
[2011/12/14 12:37:40 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{99930905-19A1-454D-8770-C2DE7508EAD8}
[2011/12/13 16:05:39 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{FDE61FF0-CE56-4AE2-A3B3-583DAE8E186C}
[2011/12/13 16:05:00 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{E927CF49-0BD5-4592-8751-E66E7C302C3D}
[2011/12/13 01:24:39 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{D8C065E5-F287-4119-9397-C3A98AFEBCF3}
[2011/12/13 01:24:16 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{7963B21A-24D0-4CF8-A27D-A6E122B205A3}
[2011/12/12 21:34:04 | 000,000,000 | ---D | C] -- C:\Users\Icikle\Documents\Remote Assistance Logs
[2011/12/12 13:24:04 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{DDA553CF-AA47-4683-88D8-24C4F363DC90}
[2011/12/12 13:23:41 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{30BB158F-71CF-47E3-9C15-7193FCD55518}
[2011/12/12 01:23:16 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{7F565330-D061-41B7-999B-38E62B7D326D}
[2011/12/12 01:22:54 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{77C06B4E-826B-4F3A-A51B-E3CEE23FDF9F}
[2011/12/11 13:22:41 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{1707F78C-01D0-47CD-9FCF-CE0CC66968AD}
[2011/12/11 13:22:19 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{4EAC9272-A6A0-4BA7-9286-052BD43A8F71}
[2011/12/11 01:21:54 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{F162AB78-AAC8-4851-A73B-8D7C259819EB}
[2011/12/11 01:21:32 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{6D340DFC-43C8-4DAB-89A4-1182F0FBAB4A}
[2011/12/10 13:21:01 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{F51FC80F-789C-4C95-9FB7-1DD4BE03F651}
[2011/12/10 13:20:38 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{7507805C-4726-4420-AF08-58BCBE8F4A24}
[2011/12/10 01:20:12 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{37D77079-E9D0-4DDF-B76D-A14A09149164}
[2011/12/10 01:19:50 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{5ADB367E-5985-453E-A549-6307BD1CB401}
[2011/12/09 13:19:25 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{FDEC1474-56D9-46C3-B0AE-FF5236F2241B}
[2011/12/09 13:19:01 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{3C603969-137C-434F-A04C-B89BF170974F}
[2011/12/09 01:18:35 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{93F32EBD-217C-47E6-8B05-5D5366D1969A}
[2011/12/09 01:18:12 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{0F177141-61DA-49F5-A05C-F1FCFED9007D}
[2011/12/08 13:17:47 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{003CA5CD-7442-45CD-8196-1C9D6D72026A}
[2011/12/08 13:17:24 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{C31E75F9-A79D-4DA5-B58F-2C4ADF57B5AA}
[2011/12/08 01:16:59 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{87D937FF-64C3-428A-ACF2-6D8AE5C14FCA}
[2011/12/08 01:16:37 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{8E8F3DB2-62B2-473C-BA27-0310A7A5320F}
[2011/12/07 13:16:23 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{DDA00605-AE85-4A13-85D8-BD03E4EB5824}
[2011/12/07 13:16:05 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{10CA1A45-6262-4C8C-92EA-22C086335CE2}
[2011/12/07 00:35:47 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{91C4980D-D70A-4E24-B295-2B36E5EAE469}
[2011/12/07 00:35:24 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{0916A668-4E92-4B48-A4D0-91F86D42F292}
[2011/12/06 12:34:57 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{07D62E13-1E52-4257-AF94-25C228F0A22E}
[2011/12/06 12:34:39 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{1353BDCC-C745-4F0B-80F2-24406BBB97A6}
[2011/12/05 13:18:54 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{B9FA9203-8794-4FCC-8736-83FF4520DCFD}
[2011/12/05 13:18:35 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{6FE73EB3-6E80-4B1F-B833-FF20D2333B54}
[2011/12/05 00:37:58 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{26AA1E05-D7FC-4B76-BF6B-8F442210FC2D}
[2011/12/05 00:37:36 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{120C5752-593C-4BCD-8571-190A34BAF699}
[2011/12/04 12:37:23 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{EAD685E6-1965-488D-9CAD-3A5DF1335908}
[2011/12/04 12:37:01 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{FA78E74B-13CF-4AA8-8D54-581F39F8BF00}
[2011/12/04 00:36:36 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{73326FC9-588D-4B96-9C18-0E15A1536469}
[2011/12/04 00:36:13 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{ED645547-2CCC-4CE0-957B-EADC194127F8}
[2011/12/03 12:36:01 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{2D4DB91B-DF45-4AA9-B641-18F8CFBBA21C}
[2011/12/03 12:35:38 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{DB981C91-AC84-41CB-8E61-110D98193890}
[2011/12/03 00:35:13 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{01AA9674-6BAD-4973-A1BB-4742592A8B5C}
[2011/12/03 00:34:45 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{A704712C-106E-4C4F-B98E-A5394AA5C3B2}
[2011/12/02 12:34:32 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{3173D426-9185-42F3-BF76-F076FA331508}
[2011/12/02 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{37590662-A7BA-419A-A6A0-7D80939BC6A2}
[2011/12/01 14:13:25 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{83CD5F03-9FA6-4AE9-BC23-5310291741F3}
[2011/12/01 14:12:58 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{914B3F21-FAF9-46E4-9B86-FDE6E7C7DCA3}
[2011/12/01 01:22:04 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{19419CDF-AFE5-4C53-8219-9CCA819F35BD}
[2011/12/01 01:21:33 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{23CAF57B-ADFB-4797-9F32-524FD2B108B7}
[2011/11/30 13:21:21 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{B328081F-4603-46E0-90F2-4F8320A0DFC1}
[2011/11/30 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{BCE74E54-C662-4672-954A-0630C705F617}
[2011/11/30 01:20:33 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{67FA1653-DCFE-4890-AA69-DCFFF0073E18}
[2011/11/30 01:20:04 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{E5101E4E-8D57-4952-9ED4-FF7B6B6AC68F}
[2011/11/29 13:19:48 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{A19E1559-8313-438B-B9AF-2FDB76F8FFEB}
[2011/11/29 13:19:08 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{86390AA7-F242-49ED-8A87-BB73E5BB1122}
[2011/11/28 19:56:12 | 000,000,000 | ---D | C] -- C:\Users\Icikle\Documents\Star Wars - The Old Republic
[2011/11/28 14:03:57 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{AC36C62B-AAA3-4059-8E70-4BB6848BAECE}
[2011/11/28 14:03:40 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{6C08DEFD-3F0F-4345-8962-07708F5D9561}
[2011/11/28 00:11:45 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{6675A71E-A0E6-4453-985B-D3FA5562A15D}
[2011/11/28 00:11:23 | 000,000,000 | ---D | C] -- C:\Users\Icikle\AppData\Local\{B384DDCB-76F8-44F4-8401-9E8555E73325}

========== Files - Modified Within 30 Days ==========

[2011/12/27 22:37:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/27 22:37:47 | 2615,812,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 22:36:26 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/27 21:55:13 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Icikle\Desktop\aswMBR.exe
[2011/12/27 21:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Icikle\Desktop\OTL.exe
[2011/12/27 12:35:41 | 000,019,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 12:35:41 | 000,019,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/12/22 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/12/21 18:14:44 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/21 17:46:52 | 000,002,991 | ---- | M] () -- C:\Users\Icikle\Desktop\HiJackThis.lnk
[2011/12/20 22:00:55 | 000,140,072 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/12/20 22:00:45 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/12/20 21:58:26 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/12/20 15:53:06 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 14:53:38 | 000,001,994 | ---- | M] () -- C:\Users\Icikle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/20 14:53:15 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 14:53:15 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 14:53:00 | 000,748,544 | ---- | M] () -- C:\Windows\System32\protector.dll
[2011/12/19 22:21:01 | 000,001,043 | ---- | M] () -- C:\ProgramData\repository.xml
[2011/12/19 22:17:22 | 000,003,120 | ---- | M] () -- C:\Windows\System32\2TCUEPSQ.ocx
[2011/12/19 22:16:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/19 22:16:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/16 15:45:35 | 000,000,312 | ---- | M] () -- C:\Users\Icikle\Desktop\Curse Client.appref-ms
[2011/12/15 13:45:51 | 000,292,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/06 23:56:48 | 000,138,056 | ---- | M] () -- C:\Users\Icikle\AppData\Roaming\PnkBstrK.sys
[2011/12/02 18:04:22 | 000,017,464 | ---- | M] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 18:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/12/22 13:12:17 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/12/22 13:12:17 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/12/21 17:46:52 | 000,002,991 | ---- | C] () -- C:\Users\Icikle\Desktop\HiJackThis.lnk
[2011/12/20 15:53:06 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 22:21:01 | 000,001,043 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/12/19 22:20:41 | 000,748,544 | ---- | C] () -- C:\Windows\System32\protector.dll
[2011/12/19 22:17:22 | 000,003,120 | ---- | C] () -- C:\Windows\System32\2TCUEPSQ.ocx
[2011/12/19 22:16:50 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/19 22:16:50 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/16 15:45:35 | 000,000,312 | ---- | C] () -- C:\Users\Icikle\Desktop\Curse Client.appref-ms
[2011/11/09 20:49:38 | 000,007,605 | ---- | C] () -- C:\Users\Icikle\AppData\Local\Resmon.ResmonCfg
[2011/10/28 21:13:04 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/10/28 21:13:03 | 000,138,056 | ---- | C] () -- C:\Users\Icikle\AppData\Roaming\PnkBstrK.sys
[2011/10/28 21:12:30 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/10/28 21:12:27 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/10/26 01:31:36 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/10/26 01:31:36 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/30 14:33:12 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/10 23:25:12 | 000,120,284 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/12/19 13:35:15 | 000,035,023 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/12/17 22:46:12 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/17 22:17:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/17 21:34:59 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2010/12/17 21:34:59 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010/12/17 21:30:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/12/17 21:30:27 | 000,028,607 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/17 03:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,292,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/09 01:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/03 12:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/08/14 01:08:44 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\DAEMON Tools Pro
[2011/09/30 14:47:07 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\Electronic Arts
[2011/10/20 13:46:25 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\fltk.org
[2011/08/18 17:30:23 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\Free PDF to Word Converter
[2011/06/08 21:18:39 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\LolClient
[2010/12/18 17:31:05 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\OpenOffice.org
[2011/10/28 20:40:49 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\Origin
[2011/12/19 22:21:45 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\PerformerSoft
[2011/11/12 15:52:43 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\Sports Interactive
[2011/06/07 20:51:12 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\SystemRequirementsLab
[2011/07/30 23:44:57 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\Tunngle
[2011/12/19 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\Icikle\AppData\Roaming\uTorrent
[2011/11/25 17:50:57 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#8
icikle
Member
Problems still persist.

Sometimes when I log on to Windows, I can't launch anything and I have to reboot. Other times I launch fine but then the odd program refuses to launch at all, for example Windows Live Messenger: the process will be in the processes list in Task Manager but I won't be able to see it open. I can end the process and try opening it again but still nothing. If I try and repair its installation, it crashes; if I try and uninstall it, it crashes...

Edited by icikle, 28 December 2011 - 06:05 AM.

#9
Essexboy
GeekU Moderator
Hmm, protector has returned - so let's use a bigger hammer

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#10
icikle
Member
Hello,

ComboFix log is attached.

I had a clean reboot, no errors for first time in weeks.


However:

Curse Client for World of Warcraft seems to have uninstalled itself.

Windows Live did not autostart and has been removed from the list of startup items in msconfig, even though it is still installed and runs normally when I launch it manually. Edit: Scratch that, Windows Live is back in my startup items after a 2nd reboot.

ComboFix 11-12-28.03 - Icikle 28/12/2011 19:16:22.1.6 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3326.2215 [GMT 0:00]
Running from: c:\users\Icikle\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-28 19:21 . 2011-12-28 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-28 14:54 . 2011-12-28 14:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCE4CB42-2C16-45E0-8EBC-17632E55EE93}\offreg.dll
2011-12-27 22:36 . 2011-12-27 22:36 -------- d-----w- C:\_OTL
2011-12-27 12:33 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCE4CB42-2C16-45E0-8EBC-17632E55EE93}\mpengine.dll
2011-12-27 12:28 . 2011-12-27 12:29 -------- d-----w- c:\users\1cikle
2011-12-21 17:46 . 2011-12-21 17:46 388096 ----a-r- c:\users\Icikle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-20 15:53 . 2011-12-20 15:53 -------- d-----w- c:\users\Icikle\AppData\Roaming\Malwarebytes
2011-12-20 15:53 . 2011-12-20 15:53 -------- d-----w- c:\programdata\Malwarebytes
2011-12-20 15:53 . 2011-12-20 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-20 15:53 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 23:35 . 2011-12-19 23:35 -------- d-----w- c:\program files\Educational Simulations
2011-12-19 22:21 . 2011-12-19 22:21 -------- d-----w- c:\users\Icikle\AppData\Roaming\PerformerSoft
2011-12-19 22:20 . 2011-12-02 18:04 17464 ----a-w- c:\windows\system32\roboot.exe
2011-12-19 22:20 . 2011-12-20 14:53 748544 ----a-w- c:\windows\system32\protector.dll
2011-12-19 22:16 . 1999-03-23 09:12 299520 ----a-w- c:\windows\uninst.exe
2011-12-15 15:45 . 2011-12-15 15:46 -------- d-----w- c:\users\Icikle\FrostWire
2011-12-15 15:45 . 2011-12-15 15:49 -------- d-----w- c:\users\Icikle\.frostwire5
2011-12-14 19:08 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 19:05 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 19:04 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 12:04 . 2011-06-13 23:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-20 22:00 . 2011-10-28 21:13 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-20 22:00 . 2011-10-28 21:39 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-20 22:00 . 2011-10-28 21:12 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-20 21:58 . 2011-10-28 21:12 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-06 23:56 . 2011-10-28 21:13 138056 ----a-w- c:\users\Icikle\AppData\Roaming\PnkBstrK.sys
2011-12-06 23:56 . 2011-10-28 21:12 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-28 18:01 . 2010-12-17 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-12-17 21:45 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-06-07 20:54 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-12-17 21:45 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-12-17 21:45 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-12-17 21:45 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-12-17 21:45 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-12-17 21:45 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-26 03:03 . 2011-10-26 03:03 8853504 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2010-11-26 02:58 748544 ----a-w- c:\windows\system32\aticfx32.dll
2011-10-26 02:01 . 2011-07-28 21:36 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01 417792 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59 18757120 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-26 01:55 . 2010-11-26 02:49 4292096 ----a-w- c:\windows\system32\atidxx32.dll
2011-10-26 01:43 . 2011-10-26 01:43 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-10-26 01:38 . 2011-10-26 01:38 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-26 01:38 . 2011-10-26 01:38 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-26 01:35 . 2011-05-25 02:39 4353536 ----a-w- c:\windows\system32\atiumdag.dll
2011-10-26 01:34 . 2011-10-26 01:34 8449024 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-26 01:32 . 2011-05-25 02:50 4189184 ----a-w- c:\windows\system32\atiumdva.dll
2011-10-26 01:29 . 2010-11-26 02:24 52736 ----a-w- c:\windows\system32\coinst.dll
2011-10-26 01:22 . 2011-07-28 20:54 339968 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-10-26 01:21 . 2011-10-26 01:21 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21 . 2010-11-26 02:15 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-10-26 01:20 . 2011-05-25 02:24 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-25 21:21 . 2011-10-25 21:21 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-25 21:21 . 2011-10-25 21:21 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-25 21:20 . 2011-10-25 21:20 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-11 17:03 . 2011-10-11 17:03 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-11 17:03 . 2011-10-11 17:03 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-10 00:02 . 2011-06-07 20:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Icikle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Icikle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Icikle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Icikle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arvo]
2009-09-01 15:23 172032 ----a-w- c:\program files\ROCCAT\Arvo Keyboard\ArvoHID.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-02-10 06:52 1713152 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 16:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 16:18 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 17:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROCCAT Pyra Mouse]
2009-12-07 21:54 528384 ----a-w- c:\program files\ROCCAT\Pyra Mouse\PyraMonitor.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-10-25 22:05 343168 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-04 18:51 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 11:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\Icikle\AppData\Local\Temp\ALSysIO.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 8853504]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 264192]
S3 ArvoFltr;ROCCAT Arvo;c:\windows\system32\drivers\ArvoFltr.sys [2009-05-06 12928]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-11 1119232]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=14196
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{B6595905-E595-4BF5-AA22-B6ED642245EC}: NameServer = 213.120.234.6,217.32.171.22
FF - ProfilePath - c:\users\Icikle\AppData\Roaming\Mozilla\Firefox\Profiles\mxws1nhw.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.url - hxxp://www.google.com/search?ie=utf-8&oe=utf-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-702871813-579512193-3235239441-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Users\\Icikle\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Icikle\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\Icikle\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Icikle\\Documents\\Sports Interactive\\Football Manager 2011\\games\\liverpool single.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f8d
"VersionOf"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="34-FCB5-2AF3"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:0000000b
"StaffSearchFeatureNum"=dword:00000007
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:0000000e
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
.
[HKEY_USERS\S-1-5-21-702871813-579512193-3235239441-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,af,fd,20,ec,7f,6b,02,ec,f2,5f,c0,e5,4d,47,8d,7a,07,aa,d3,c8,
4f,74,d1,87,8f,f9,a0,fd,57,ae,f2,69,7c,82,5a,48,64,7b,21,7a,3c,95,0d,7d,c5,\
"rkeysecu"=hex:d5,74,c3,c1,b3,0d,9f,78,f1,65,9b,b6,e2,d8,b4,56
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-28 19:22:52
ComboFix-quarantined-files.txt 2011-12-28 19:22
.
Pre-Run: 781,790,699,520 bytes free
Post-Run: 781,468,233,728 bytes free
.
- - End Of File - - 4D064513340CB56DDA0DA1B3120A07E6

Edited by Essexboy, 28 December 2011 - 01:39 PM.

  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 61,110 posts
What problems remain?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#12
icikle

icikle

    Member

  • Member
  • PipPipPip
  • 138 posts
There don't seem to be any problems as such, certainly all the errors have stopped.

But I had to reinstall Anti Malware despite the fact I never uninstalled it in the first place; guess ComboFix is responsible for this.

Also Avast would not boot at startup any more so I had to reinstall that to fix it.

Log below:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Icikle :: UPSTAIRS [administrator]

Protection: Disabled

28/12/2011 19:57:56
mbam-log-2011-12-28 (19-57-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180353
Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 61,110 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#14
icikle

icikle

    Member

  • Member
  • PipPipPip
  • 138 posts
Hello,

I have finished with all of the cleanup operation.

Just one question, Malwarebytes Anti-Malware is not free, it's shareware?

Thanks for all of your help, much appreciated.
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 61,110 posts
There are two variants, the free version and the paid-for version. The free is an on-demand scanner only, so a once-a-week scan should suffice :)
  • 0



