Boyfriend opened USPS virus email attachment [Closed]



#1
M.Early

Usually I can pluck through his run-of-the-mill porn viruses myself, but this one is killing me. I want to dropkick his laptop.

Symptoms:
1. Three consecutive Internet Explorer windows will pop up suddenly. All three play video. (We use Mozilla)
2. Google image results now only show 1 page of results, the rest of the page is blank.
3. While typing, the blinking cursor will suddenly jump from the current word to the middle of your sentence, causing constant spelling errors and retyping. (It's happened three times so far, while typing this post.) Also, the keyboard is less responsive. I'll think I typed a letter and look up to find it not there.
4. He had a Google redirect (Ouch! cursor jumped again.) too, Malwarebytes got that.
5. He originally lost his entire start menu, program files and desktop icons, so I restored his computer to an earlier time. The files restored came back as hidden, so I'm still picking through and returning those to normal.
6. Malwarebytes, Avast and Spybot S&D only found the typical tracking cookies.

I'm grateful for any bone you guys can toss me.

--MICHELLE

See OTL log below.
***********************************************************************************

OTL logfile created on: 1/19/2012 9:02:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.65% Memory free
7.90 Gb Paging File | 6.36 Gb Available in Paging File | 80.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 470.90 Gb Free Space | 78.99% Space Free | Partition Type: NTFS
Drive F: | 3.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: N-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 21:01:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/14 20:53:45 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/11 00:37:06 | 001,038,088 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/11 00:35:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/11 00:13:20 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/04/05 06:10:16 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2009/08/10 12:07:40 | 000,119,680 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/06/27 10:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/11/09 08:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 18 F4 F0 D1 C5 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/19 11:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/18 23:18:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/10 23:45:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012/01/18 20:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/19 11:05:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2012/01/17 00:51:52 | 000,000,795 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D34F8007-E82E-4EB9-A7A3-F60E2C5B1BAC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/12 03:18:43 | 000,000,000 | ---D | M] - F:\AutoRunSource -- [ CDFS ]
O32 - AutoRun File - [2005/12/23 08:12:36 | 002,073,600 | R--- | M] (Longtion) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/08/28 03:37:48 | 000,022,486 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2006/05/14 17:24:13 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4f06a293-24de-11e1-958b-e53901d529d6}\Shell - "" = AutoRun
O33 - MountPoints2\{4f06a293-24de-11e1-958b-e53901d529d6}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2005/12/23 08:12:36 | 002,073,600 | R--- | M] (Longtion)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 21:01:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/01/19 11:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/19 11:05:53 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/01/19 11:05:52 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/01/19 11:05:48 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/01/19 11:05:47 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/01/19 11:05:46 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/01/19 11:05:42 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/01/19 11:05:42 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/01/19 11:05:18 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/01/19 11:05:18 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/19 11:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/19 11:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/19 10:57:40 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012/01/19 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/19 10:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hijack this
[2012/01/19 10:50:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 20:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 20:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/16 20:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/16 17:50:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/01/16 17:50:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 14:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/01/10 21:45:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/30 16:44:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\vlc
[2011/12/28 21:49:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2011/12/23 11:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/12/23 11:16:36 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2011/12/23 11:16:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 11:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 11:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/12/22 18:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/22 18:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/22 18:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/12/22 18:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

========== Files - Modified Within 30 Days ==========

[2012/01/19 21:01:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/01/19 20:59:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 12:26:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/19 12:26:06 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/19 12:26:06 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/19 12:26:00 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 12:26:00 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 12:18:21 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 11:05:55 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/19 11:05:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/19 10:56:37 | 000,003,035 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2012/01/18 16:21:05 | 000,008,990 | ---- | M] () -- C:\Users\Administrator\Desktop\114178665_xs.jpg
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpE38C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpD58C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpC88C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpC78C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpBB8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpBA8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpAD8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpAC8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp9F8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp909C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp829C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp689C8.FOT
[2012/01/17 00:51:52 | 000,000,795 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/17 00:47:34 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/16 20:47:34 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 20:39:57 | 000,001,273 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp7BF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp6EF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp6DF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp6CF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp5005D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp4305D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp4205D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp3405D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp1905D.FOT
[2012/01/11 13:46:57 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp96F4D.FOT
[2012/01/11 13:46:57 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp7AF4D.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpEA3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpDC3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpCF3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpCE3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpB14C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpA24C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp954C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp6C4C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpF73C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpE83C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp063C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp043C8.FOT
[2012/01/07 11:05:19 | 000,049,951 | ---- | M] () -- C:\Users\Administrator\Desktop\24894_102606363107256_100000736798094_75929_419631_n.jpg
[2012/01/05 12:54:19 | 000,022,063 | ---- | M] () -- C:\Users\Administrator\Desktop\24894_102606539773905_100000736798094_75935_7785965_n.jpg
[2012/01/05 01:02:36 | 000,082,326 | ---- | M] () -- C:\Users\Administrator\Desktop\179882_1613644025699_1374240485_31547168_2368928_n.jpg
[2012/01/05 01:01:29 | 000,070,811 | ---- | M] () -- C:\Users\Administrator\Desktop\66918_1393970502112_1617683345_953112_7405482_n.jpg
[2012/01/05 00:59:03 | 000,038,502 | ---- | M] () -- C:\Users\Administrator\Desktop\24894_102606703107222_100000736798094_75937_2445748_n.jpg
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpFC495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpEF495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpEE495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpED495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpD1595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpD0595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpC3595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpA8595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp41495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp17495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp0B495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp0A495.FOT
[2011/12/27 19:49:01 | 000,048,439 | ---- | M] () -- C:\Users\Administrator\Desktop\25.jpg
[2011/12/26 19:24:07 | 000,054,955 | ---- | M] () -- C:\Users\Administrator\Desktop\24.jpg
[2011/12/26 19:23:42 | 000,787,790 | ---- | M] () -- C:\Users\Administrator\Desktop\23.psd
[2011/12/26 19:17:00 | 000,783,370 | ---- | M] () -- C:\Users\Administrator\Desktop\22.psd
[2011/12/24 08:55:14 | 000,053,795 | ---- | M] () -- C:\Users\Administrator\Desktop\flatten3.jpg
[2011/12/24 08:34:34 | 000,053,382 | ---- | M] () -- C:\Users\Administrator\Desktop\flatten2.jpg
[2011/12/24 08:29:49 | 000,053,354 | ---- | M] () -- C:\Users\Administrator\Desktop\flatten.jpg
[2011/12/24 08:28:49 | 000,783,518 | ---- | M] () -- C:\Users\Administrator\Desktop\_______2_001.psd
[2011/12/23 23:21:34 | 000,022,302 | ---- | M] () -- C:\Users\Administrator\Desktop\_______2_001.jpg
[2011/12/23 11:22:47 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

========== Files Created - No Company Name ==========

[2012/01/19 11:05:55 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/19 11:05:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/01/19 10:56:37 | 000,003,035 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2012/01/18 16:21:05 | 000,008,990 | ---- | C] () -- C:\Users\Administrator\Desktop\114178665_xs.jpg
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpE38C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpD58C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpC88C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpC78C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpBB8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpBA8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpAD8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpAC8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp9F8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp909C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp829C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp689C8.FOT
[2012/01/16 20:47:34 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 20:39:57 | 000,001,273 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp7BF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp6EF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp6DF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp6CF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp5005D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp4305D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp4205D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp3405D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp1905D.FOT
[2012/01/11 13:46:57 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp96F4D.FOT
[2012/01/11 13:46:57 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp7AF4D.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpEA3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpDC3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpCF3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpCE3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpB14C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpA24C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp954C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp6C4C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpF73C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpE83C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp063C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp043C8.FOT
[2012/01/07 11:05:19 | 000,049,951 | ---- | C] () -- C:\Users\Administrator\Desktop\24894_102606363107256_100000736798094_75929_419631_n.jpg
[2012/01/05 12:54:19 | 000,022,063 | ---- | C] () -- C:\Users\Administrator\Desktop\24894_102606539773905_100000736798094_75935_7785965_n.jpg
[2012/01/05 01:02:36 | 000,082,326 | ---- | C] () -- C:\Users\Administrator\Desktop\179882_1613644025699_1374240485_31547168_2368928_n.jpg
[2012/01/05 01:01:29 | 000,070,811 | ---- | C] () -- C:\Users\Administrator\Desktop\66918_1393970502112_1617683345_953112_7405482_n.jpg
[2012/01/05 00:59:03 | 000,038,502 | ---- | C] () -- C:\Users\Administrator\Desktop\24894_102606703107222_100000736798094_75937_2445748_n.jpg
[2011/12/28 21:53:51 | 000,341,664 | ---- | C] () -- C:\Users\Administrator\Desktop\InstallRoot_v3.15A.exe
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpFC495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpEF495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpEE495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpED495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpD1595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpD0595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpC3595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpA8595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp41495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp17495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp0B495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp0A495.FOT
[2011/12/27 19:48:59 | 000,048,439 | ---- | C] () -- C:\Users\Administrator\Desktop\25.jpg
[2011/12/26 19:24:06 | 000,054,955 | ---- | C] () -- C:\Users\Administrator\Desktop\24.jpg
[2011/12/26 19:23:40 | 000,787,790 | ---- | C] () -- C:\Users\Administrator\Desktop\23.psd
[2011/12/26 19:16:58 | 000,783,370 | ---- | C] () -- C:\Users\Administrator\Desktop\22.psd
[2011/12/24 08:55:12 | 000,053,795 | ---- | C] () -- C:\Users\Administrator\Desktop\flatten3.jpg
[2011/12/24 08:34:31 | 000,053,382 | ---- | C] () -- C:\Users\Administrator\Desktop\flatten2.jpg
[2011/12/24 08:29:47 | 000,053,354 | ---- | C] () -- C:\Users\Administrator\Desktop\flatten.jpg
[2011/12/24 08:28:46 | 000,783,518 | ---- | C] () -- C:\Users\Administrator\Desktop\_______2_001.psd
[2011/12/23 23:21:34 | 000,022,302 | ---- | C] () -- C:\Users\Administrator\Desktop\_______2_001.jpg
[2011/12/23 11:22:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/23 11:22:47 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/12 21:45:22 | 000,000,614 | ---- | C] () -- C:\Windows\tlknw4.ini
[2011/12/10 21:10:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/05 06:07:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/05 06:07:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/05 06:07:00 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012/01/16 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012/01/18 23:19:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/12/10 21:04:30 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\WinBatch
[2009/07/14 00:08:49 | 000,008,678 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by M.Early, 19 January 2012 - 08:16 PM.



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello M.Early and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post.

#3
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.