TechSpot

Malwarebytes keeps finding password.stealer

Inactive
By Tooji
Aug 14, 2010
  1. Ok this is a long story but I'll try to make it short.

    I started playing WoW 1 week ago (yes I know). A couple of days into the game a phisher tells me that I've been invited to the beta of the upcoming expansion. Being new and ignorant I went to the phishing site, but Google Chrome warned me, so I never actually entered anything (though I've been told that they can still phish you even if this happens).

    My WoW account and email were both compromised.

    I ran the Microsoft full virus scan - no results

    Ran AVG free version scan - no results

    Ran AVG paid version - tons of Trojans (almost 38), all deleted and quarantined after reboot

    Ran Malwarebytes - finds Password.Stealer

    EVERY TIME I RUN IT, IT FINDS IT, EVEN IF I SAY REMOVE

    It tells me that it was successfully removed and quarantined.

    Excuse my noobiness at this point, but here is the log.

    I also have Spybot running a few searches.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org


    Database version: 4428

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    14/08/2010 11:14:25 PM
    mbam-log-2010-08-14 (23-14-25).txt

    Scan type: Quick scan
    Objects scanned: 144627
    Time elapsed: 4 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\configuring (Password.Stealer) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. Broni

    Broni Malware Annihilator Posts: 47,668   +267

  3. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    Will do and thanks for the reply!
     
  4. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Sure thing :)
     
  5. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    Alrighty all done

    Take note of these boot errors:

    There was a problem starting C:\users\Campoli\AppData\Local\Temp\Rpcqt.dll

    The specified module could not be found

    and

    There was a problem starting C:\users\Campoli\AppData\Local\Temp\1258725.txt

    The specified module could not be found

    For the above, I recall seeing this text document among the files infected by the trojan when my Malwarebytes originally found 40 trojans.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4431

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    15/08/2010 12:32:13 AM
    mbam-log-2010-08-15 (00-32-13).txt

    Scan type: Quick scan
    Objects scanned: 142060
    Time elapsed: 4 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\configuring (Password.Stealer) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    --------------------------

    GMER is all blank except for these oddities when launching and initiating a scan:

    When Launching GMER: C:\Windows\system32\config\system: The system cannot find the file specified.

    When initiating scan: C:\Windows\system32\config\system: The system cannot access the file because it is being used by another process.

    Got the same errors when run in Safe Mode, but the scan still ran and said that nothing was modified.

    -----------------------

    Putting DDS in the next reply since it makes this too long.
     
  6. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    First third of DDS

    DDS attached is in the previous reply.


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Campoli at 1:04:05.43 on 15/08/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.4094.2347 [GMT -4:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Soluto\SolutoService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\razerhid.exe
    C:\Program Files\razerofa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Program Files (x86)\Bell\Internet Service Advisor\SSA.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\program files (x86)\steam\steam.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Users\Campoli\AppData\Local\TVersity\Media Server\MediaServer.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Campoli\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\hotspot_shield\tbHot1.dll
    mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\hotspot_shield\tbHot1.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\hotspot_shield\tbHot1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files (x86)\google\chrome frame\application\6.0.472.33\npchrome_frame.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files (x86)\hotspot shield\hssie\HssIE.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll
    TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\hotspot_shield\tbHot1.dll
    uRun: [AdobeBridge]
    uRun: [Video Library] "c:\windows\system32\rundll32.exe" c:\users\campoli\appdata\local\temp\Rpcqt.dll,Sets
    uRun: [SpybotSD TeaTimer] "c:\program files (x86)\spybot - search & destroy\TeaTimer.exe"
    uRun: [DirectPlayerCore] "c:\program files (x86)\nbc direct\DirectPlayerCore.exe"
    uRun: [Configuring] rundll32.exe c:\users\campoli\appdata\local\temp\1258725.txt,W
    mRun: [AVG9_TRAY] "c:\progra~2\avg\avg9\avgtray.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {A5773954-EEA2-4498-B7C6-FFC690C0A07C} = 10.4.48.1
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files (x86)\google\chrome frame\application\6.0.472.33\npchrome_frame.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files (x86)\daemon tools toolbar\DTToolbar64.dll
    TB-X64: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File
    mRun-x64: [RtHDVCpl] "c:\program files\realtek\audio\hda\RAVCpl64.exe" -s
    mRun-x64: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
    AppInit_DLLs-X64: avgrssta.dll
     
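    The two uRun lines in the Pseudo HJT Report above are the ones that matter: both start rundll32.exe against a module in the user's Temp folder, and the [Configuring] entry hands rundll32 a file with a .txt extension (1258725.txt) to load as a DLL. That is the same Run value (HKCU\...\Run\configuring) Malwarebytes reports as Password.Stealer in both logs, and the two "The specified module could not be found" errors at boot are consistent with the Run values still being present after the files they point to were removed. The same report also shows UAC turned off (EnableLUA = 0) and admin elevation set to not prompt (ConsentPromptBehaviorAdmin = 0). The Python script below is an added example for this thread, not code from the original post or from DDS, Malwarebytes or any other tool mentioned. It applies those checks to DDS-style Run and policy lines. The sample input is the relevant lines copied from the report; the present_files argument is a constructed set of paths assumed to exist for the demonstration, and the function and rule names are my own.

```python
import ntpath
import re

# Constructed sample input: the Run-key and policy lines quoted from the DDS
# "Pseudo HJT Report" posted above, with paths exactly as they appear there.
SAMPLE_LOG = r"""
uRun: [AdobeBridge]
uRun: [Video Library] "c:\windows\system32\rundll32.exe" c:\users\campoli\appdata\local\temp\Rpcqt.dll,Sets
uRun: [SpybotSD TeaTimer] "c:\program files (x86)\spybot - search & destroy\TeaTimer.exe"
uRun: [DirectPlayerCore] "c:\program files (x86)\nbc direct\DirectPlayerCore.exe"
uRun: [Configuring] rundll32.exe c:\users\campoli\appdata\local\temp\1258725.txt,W
mRun: [AVG9_TRAY] "c:\progra~2\avg\avg9\avgtray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
"""

# uRun = HKCU Run key, mRun = HKLM Run key, -x64 = the native 64-bit view.
RUN_RE = re.compile(r"^(?P<scope>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")

# Directories an autorun entry should not normally load code from.
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Policy values that weaken UAC (value "0" for both keys).
WEAK_POLICIES = {
    "EnableLUA": "UAC disabled",
    "ConsentPromptBehaviorAdmin": "admins elevate without prompting",
}


def split_command(cmd):
    """Return (executable, argument string) for a Run-value command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def triage(log_text, present_files=None):
    """Flag autorun entries and policy settings worth a second look.

    present_files: optional set of lower-cased paths known to exist on disk.
    When given, an entry whose target is absent is reported as orphaned, the
    state that produces "The specified module could not be found" at logon.
    Returns a list of (scope, name, reason) tuples in log order.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            scope, name, cmd = m.group("scope", "name", "cmd")
            if not cmd:
                findings.append((scope, name, "empty Run value"))
                continue
            exe, args = split_command(cmd)
            target = exe
            if ntpath.basename(exe).lower().startswith("rundll32"):
                # rundll32 <module>,<export>: the module is the code that runs,
                # so judge the module, not rundll32 itself.
                target = args.split(",", 1)[0].strip().strip('"')
                ext = ntpath.splitext(target)[1].lower()
                if ext != ".dll":
                    findings.append((scope, name, f"rundll32 loading a non-DLL extension ({ext or 'none'})"))
            low = target.lower()
            if any(d in low for d in SUSPECT_DIRS):
                findings.append((scope, name, "code loaded from a Temp directory"))
            if present_files is not None and low not in present_files:
                findings.append((scope, name, "target missing on disk (orphaned entry)"))
            continue
        p = POLICY_RE.match(line)
        if p and p.group("key") in WEAK_POLICIES and p.group("val") == "0":
            findings.append(("mPolicies-system", p.group("key"), WEAK_POLICIES[p.group("key")]))
    return findings


if __name__ == "__main__":
    # Constructed for the demo: assume the three legitimate targets exist and
    # the two Temp-folder modules have already been deleted by the AV.
    present = {
        "c:\\program files (x86)\\spybot - search & destroy\\teatimer.exe",
        "c:\\program files (x86)\\nbc direct\\directplayercore.exe",
        "c:\\progra~2\\avg\\avg9\\avgtray.exe",
    }
    for scope, name, reason in triage(SAMPLE_LOG, present_files=present):
        print(f"{scope:8} [{name}] {reason}")
```

    The same rules apply directly to the live registry (HKCU and HKLM ...\CurrentVersion\Run) rather than a DDS dump. The practical point for a cleanup: a scanner that deletes only the registry value leaves whatever wrote it and whatever the value pointed to, so the module named in the value (here the two files in AppData\Local\Temp) and the Run value are what to collect and remove together, and a value that reappears after deletion is the signal that something else on the machine is still re-creating it.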
  7. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    Second third of DDS

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\campoli\appdata\roaming\mozilla\firefox\profiles\djypkqmi.default\
    FF - plugin: c:\program files (x86)\bell\internet service advisor\nprpspa.dll
    FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files (x86)\nbc direct\npDirectPlayerMozilla.dll
    FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\campoli\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\campoli\appdata\roaming\idm\bin\flash\platform\winnt\plugins\npidmdcp.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrw7a;AVG Free9IDSErHr;c:\windows\system32\drivers\AVGIDSwa.sys [2010-8-13 27216]
    R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-6-11 195016]
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-8-13 269904]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-8-13 35536]
    R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-8-13 317520]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-6 203264]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-8-13 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-8-13 308136]
    R2 AVGIDSAgent;AVG Free9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-13 5897808]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-11-30 27136]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-14 1153368]
    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-2 338464]
    R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2010-8-13 55360]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files (x86)\webroot\security\current\plugins\antimalware\AEI.exe [2010-8-13 3858168]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-7-6 7195648]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-6 265728]
    R3 AVGIDSDriverw7a;AVG Free9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSDriver.sys [2010-8-13 132688]
    R3 AVGIDSFilterw7a;AVG Free9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSFilter.sys [2010-8-13 35920]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-24 135664]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-25 25832]
    S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-12-15 12744]
    S3 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\hotspot shield\bin\hsswd.exe -product hss --> c:\program files (x86)\hotspot shield\bin\hsswd.exe -product HSS [?]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-1-23 55808]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2009-11-30 50688]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-11-30 24064]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2010\RpcAgentSrv.exe [2010-1-16 93336]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2009-11-30 50688]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-2 1255736]
    S3 WRConsumerService;Webroot Client Service;c:\program files (x86)\webroot\security\current\framework\WRConsumerService.exe [2010-7-28 3020184]

    =============== Created Last 30 ================

    2010-08-14 16:38:00 20 ----a-w- c:\windows\syswow64\SYSTEM
    2010-08-14 16:20:51 0 d-----w- c:\users\campoli\appdata\roaming\Malwarebytes
    2010-08-14 16:17:26 0 d-----w- c:\programdata\Malwarebytes
    2010-08-14 16:17:24 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-14 16:17:24 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-08-14 16:03:34 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-08-14 16:03:34 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2010-08-14 04:03:20 0 d--h--w- C:\$AVG
    2010-08-14 01:53:40 27216 ----a-w- c:\windows\system32\drivers\AVGIDSwa.sys
    2010-08-13 21:57:56 28176 ----a-w- c:\windows\syswow64\wrLZMA.dll
    2010-08-13 21:57:53 55360 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
    2010-08-13 21:57:53 136224 ----a-w- c:\windows\system32\drivers\ssidrv.sys
    2010-08-13 21:56:41 0 d-----w- c:\program files (x86)\Webroot
    2010-08-13 21:56:39 0 dc-h--w- c:\programdata\{E641F73D-EC02-4FD2-999F-DE3E354C12F7}
    2010-08-13 21:55:56 0 d-----w- c:\programdata\Webroot
    2010-08-13 19:05:15 13048 ----a-w- c:\windows\system32\avgrssta.dll
    2010-08-13 19:05:14 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2010-08-13 19:05:10 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2010-08-13 19:05:09 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    2010-08-13 19:05:09 0 d-----w- c:\windows\system32\drivers\Avg
    2010-08-13 19:03:18 0 d-----w- c:\programdata\avg9
    2010-08-13 18:52:42 0 d-----w- c:\program files (x86)\AVG
    2010-08-11 15:10:14 463360 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-11 15:10:14 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-11 15:10:14 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-11 15:10:09 340992 ----a-w- c:\windows\system32\schannel.dll
    2010-08-11 15:10:09 224256 ----a-w- c:\windows\syswow64\schannel.dll
    2010-08-11 15:10:00 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-02 17:20:43 12867584 ----a-w- c:\windows\syswow64\shell32.dll
    2010-07-27 22:41:48 0 d-----w- c:\program files (x86)\StarCraft II
    2010-07-27 22:19:05 0 d-----w- c:\programdata\ATI
    2010-07-27 22:14:39 0 d-----w- c:\users\campoli\SC2-WingsOfLiberty-enUS-Installer
    2010-07-26 15:46:27 0 d-----w- c:\program files\iTunes
    2010-07-26 15:46:27 0 d-----w- c:\program files\iPod
    2010-07-26 15:46:27 0 d-----w- c:\program files (x86)\iTunes
    2010-07-24 02:28:50 0 d-----w- c:\program files (x86)\IObit
    2010-07-23 01:45:34 0 d-----w- c:\program files (x86)\Starcraft
    2010-07-22 20:43:54 42 ----a-w- c:\windows\syswow64\AK083E209605E394C.lie
    2010-07-22 20:43:51 0 d-----w- c:\program files\Perfect Uninstaller
    2010-07-17 02:32:57 0 d-----w- c:\users\campoli\appdata\roaming\NBC Direct
    2010-07-17 02:32:53 0 d-----w- c:\users\campoli\appdata\roaming\IDM
    2010-07-17 02:32:52 0 d---a-w- c:\program files (x86)\NBC Direct
    2010-07-17 02:32:52 0 d-----w- c:\programdata\NBC Direct
    2010-07-16 19:01:07 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2010-07-16 18:58:55 0 d-----w- c:\program files\Bonjour
    2010-07-16 18:58:55 0 d-----w- c:\program files (x86)\Bonjour
    2010-07-16 15:35:31 144384 ----a-w- c:\windows\system32\cdd.dll
     
  8. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    Final third


    ==================== Find3M ====================

    2010-08-15 05:00:42 5819 ----a-w- c:\program files\RazerTe.ini
    2010-08-02 03:02:14 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-08-02 03:02:14 109080 ----a-w- c:\windows\syswow64\OpenAL32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-07-07 02:30:08 7195648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-07-07 02:16:20 20118528 ----a-w- c:\windows\system32\atio6axx.dll
    2010-07-07 01:55:08 15461888 ----a-w- c:\windows\syswow64\atioglxx.dll
    2010-07-07 01:54:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-07-07 01:54:08 513024 ----a-w- c:\windows\syswow64\aticfx32.dll
    2010-07-07 01:53:20 594432 ----a-w- c:\windows\system32\aticfx64.dll
    2010-07-07 01:51:30 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-07-07 01:51:26 462336 ----a-w- c:\windows\system32\atieclxx.exe
    2010-07-07 01:50:54 203264 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-07-07 01:49:48 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2010-07-07 01:49:36 421376 ----a-w- c:\windows\system32\atipdl64.dll
    2010-07-07 01:49:28 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
    2010-07-07 01:49:18 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
    2010-07-07 01:49:14 12288 ----a-w- c:\windows\system32\atimuixx.dll
    2010-07-07 01:49:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2010-07-07 01:49:06 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
    2010-07-07 01:46:26 3826688 ----a-w- c:\windows\syswow64\atidxx32.dll
    2010-07-07 01:37:36 4463616 ----a-w- c:\windows\system32\atidxx64.dll
    2010-07-07 01:30:12 2785792 ----a-w- c:\windows\system32\atiumd6a.dll
    2010-07-07 01:29:26 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2010-07-07 01:29:24 46080 ----a-w- c:\windows\syswow64\aticalrt.dll
    2010-07-07 01:29:16 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2010-07-07 01:29:14 44032 ----a-w- c:\windows\syswow64\aticalcl.dll
    2010-07-07 01:29:06 5378560 ----a-w- c:\windows\system32\aticaldd64.dll
    2010-07-07 01:28:20 3975680 ----a-w- c:\windows\syswow64\atiumdag.dll
    2010-07-07 01:27:58 4323840 ----a-w- c:\windows\syswow64\aticaldd.dll
    2010-07-07 01:24:34 55296 ----a-w- c:\windows\system32\coinst.dll
    2010-07-07 01:23:14 3058688 ----a-w- c:\windows\syswow64\atiumdva.dll
    2010-07-07 01:22:26 5099008 ----a-w- c:\windows\system32\atiumd64.dll
    2010-07-07 01:16:06 335872 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-07-07 01:16:02 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
    2010-07-07 01:15:54 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2010-07-07 01:15:50 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
    2010-07-07 01:15:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-07-07 01:15:48 18432 ----a-w- c:\windows\system32\atig6txx.dll
    2010-07-07 01:15:46 16896 ----a-w- c:\windows\syswow64\atigktxx.dll
    2010-07-07 01:15:42 265728 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-07-07 01:15:04 39424 ----a-w- c:\windows\system32\atiuxp64.dll
    2010-07-07 01:14:58 30208 ----a-w- c:\windows\syswow64\atiuxpag.dll
    2010-07-07 01:14:50 30208 ----a-w- c:\windows\system32\atiu9p64.dll
    2010-07-07 01:14:44 22528 ----a-w- c:\windows\syswow64\atiu9pag.dll
    2010-07-07 01:14:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-07-07 01:11:12 54272 ----a-w- c:\windows\system32\atimpc64.dll
    2010-07-07 01:11:12 54272 ----a-w- c:\windows\system32\amdpcom64.dll
    2010-07-07 01:11:06 52736 ----a-w- c:\windows\syswow64\atimpc32.dll
    2010-07-07 01:11:06 52736 ----a-w- c:\windows\syswow64\amdpcom32.dll
    2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2010-06-19 17:49:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2010-06-19 17:49:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
    2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
    2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
    2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
    2010-06-15 22:28:58 2857 ----a-w- c:\windows\syswow64\atipblag.dat
    2010-06-15 22:28:58 2857 ----a-w- c:\windows\system32\atipblag.dat
    2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
    2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-02 08:55:30 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 08:55:30 74072 ----a-w- c:\windows\syswow64\XAPOFX1_5.dll
    2010-06-02 08:55:30 527192 ----a-w- c:\windows\syswow64\XAudio2_7.dll
    2010-06-02 08:55:30 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 08:55:30 239960 ----a-w- c:\windows\syswow64\xactengine3_7.dll
    2010-06-02 08:55:30 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
    2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
    2010-05-26 15:41:02 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 15:41:02 470880 ----a-w- c:\windows\syswow64\d3dx10_43.dll
    2010-05-26 15:41:02 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 15:41:02 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 15:41:02 248672 ----a-w- c:\windows\syswow64\d3dx11_43.dll
    2010-05-26 15:41:02 2106216 ----a-w- c:\windows\syswow64\D3DCompiler_43.dll
    2010-05-26 15:41:02 1998168 ----a-w- c:\windows\syswow64\D3DX9_43.dll
    2010-05-26 15:41:02 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-26 15:41:02 1868128 ----a-w- c:\windows\syswow64\d3dcsx_43.dll
    2010-05-26 15:41:00 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-18 20:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:55:18 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 20:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-18 20:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
    2010-05-18 20:35:16 197920 ----a-w- c:\windows\syswow64\dnssdX.dll
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-02-26 21:39:52 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 1:05:25.39 ===============

    Thanks for any help!
     
  9. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Don't worry about any errors for now.
    Your computer is definitely infected.

    GMER won't run on Win 7 64-bit.

    ======================================================================

    Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.

    =======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):

    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.

    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
     
  10. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    I forgot to tell you that before doing that process I did the TFC that was in the 8-step guide.

    OK, I'm gonna go follow your steps now.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    OK........
     
     
  12. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    Oh yeah, and btw I turned off System Restore when I was doing some virus scans earlier, as they seemed to be surviving the reboot. Should I turn it on or leave it off?

    And here is the SAS log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/15/2010 at 03:39 AM

    Application Version : 4.41.1000

    Core Rules Database Version : 5347
    Trace Rules Database Version: 3170

    Scan type : Complete Scan
    Total Scan Time : 01:40:28

    Memory items scanned : 344
    Memory threats detected : 0
    Registry items scanned : 13980
    Registry threats detected : 0
    File items scanned : 278060
    File threats detected : 116

    Adware.Tracking Cookie
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@tribalfusion[2].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@burstbeacon[1].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@www.burstbeacon[1].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@doubleclick[1].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@content.yieldmanager[3].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@bellcan.adbureau[2].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@atdmt[3].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@media6degrees[1].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@adcentriconline[1].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@invitemedia[2].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@specificclick[2].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@ads.networldmedia[1].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@chitika[2].txt
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@content.yieldmanager[2].txt
    .atdmt.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .atdmt.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .msnaccountservices.112.2o7.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .atdmt.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .atdmt.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .bellcan.adbureau.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .kontera.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    citi.bridgetrack.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    citi.bridgetrack.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    citi.bridgetrack.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    citi.bridgetrack.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .inl.adbureau.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .imrworldwide.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .imrworldwide.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .content.yieldmanager.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .at.atwola.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .tacoda.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .tacoda.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .tacoda.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .tacoda.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .tacoda.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .tacoda.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .atwola.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .at.atwola.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .at.atwola.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .collective-media.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .collective-media.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .collective-media.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .collective-media.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .kontera.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .media6degrees.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .media6degrees.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .doubleclick.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .apmebf.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .mediaplex.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .mediaplex.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .content.yieldmanager.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .statcounter.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .media6degrees.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .yieldmanager.net [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .bs.serving-sys.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .bluestreak.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .kontera.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .kontera.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .adcentriconline.com [ C:\Users\Campoli\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    C:\Users\Campoli\AppData\Roaming\Microsoft\Windows\Cookies\campoli@atdmt[2].txt
    .imrworldwide.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .admse012.adbureau.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .content.yieldmanager.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .yieldmanager.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .adinterax.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .adinterax.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .at.atwola.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .at.atwola.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .chitika.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .kontera.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .kontera.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .kontera.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
    .viaviralvideo.112.2o7.net [ C:\Users\Campoli\AppData\Roaming\Mozilla\Firefox\Profiles\djypkqmi.default\cookies.sqlite ]
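The SAS log above lists 116 file threats, every one of them under the single category "Adware.Tracking Cookie", which is the first thing a helper reading the thread checks: cookie hits are privacy noise, while any other category (a Trojan, a dropped executable) would need follow-up. The script below is an added example, not part of the thread and not SUPERAntiSpyware's own code. It parses a log in the posted layout (header "key : value" lines up to "File threats detected", then blank-line-separated blocks whose first line is the category and whose remaining lines are the detected items), checks that the number of listed items matches the header counts, separates tracking-cookie entries from everything else, and reports which cookie stores were touched. The embedded sample log is constructed for this example; its user name and the "Trojan.Agent/Gen-Constructed" block are made up to show a non-cookie hit.

```python
"""Triage a SUPERAntiSpyware (SAS) scan log of the kind posted in the thread.

Added example; assumes the posted layout: metadata 'key : value' lines up to
'File threats detected', then blank-line-separated blocks whose first line is
the detection category and whose remaining lines are the detected items.
"""
import re
from collections import OrderedDict

# Constructed sample in the posted format (user name and Trojan block are made up).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/15/2010 at 03:39 AM

Application Version : 4.41.1000

Core Rules Database Version : 5347
Trace Rules Database Version: 3170

Scan type : Complete Scan
Total Scan Time : 01:40:28

Memory items scanned : 344
Memory threats detected : 0
Registry items scanned : 13980
Registry threats detected : 0
File items scanned : 278060
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\example@doubleclick[1].txt
.atdmt.com [ C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\cookies.sqlite ]

Trojan.Agent/Gen-Constructed
C:\Users\Example\AppData\Roaming\constructed-sample.exe
"""

# Browser cookie entries look like "<domain> [ <cookie store path> ]".
COOKIE_STORE_RE = re.compile(r"^(?P<domain>\S+) \[ (?P<store>.+) \]$")
# Category names that are tracking-cookie noise rather than executable malware.
NOISE_PREFIXES = ("Adware.Tracking Cookie",)


def parse_sas_log(text):
    """Return (metadata, detections); detections maps category -> list of items."""
    meta = OrderedDict()
    detections = OrderedDict()
    in_detections = False
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not in_detections:
            if not line or line.startswith("http"):
                continue
            if line.startswith("Generated "):
                meta["Generated"] = line[len("Generated "):]
            elif ":" in line:
                key, _, value = line.partition(":")
                meta[key.strip()] = value.strip()
                if key.strip().lower() == "file threats detected":
                    in_detections = True  # everything after this is detection blocks
            continue
        if not line:
            current = None  # a blank line closes the current block
        elif current is None:
            current = line  # first line of a block is the category
            detections.setdefault(current, [])
        else:
            detections[current].append(line)
    return meta, detections


def triage(meta, detections):
    """Summarise the log: header/list consistency, cookie noise, and real follow-ups."""
    cookie_items = []
    suspicious = OrderedDict()
    for category, items in detections.items():
        if category.startswith(NOISE_PREFIXES):
            cookie_items.extend(items)
        else:
            suspicious[category] = list(items)
    listed = sum(len(v) for v in detections.values())
    reported = sum(int(meta.get(k, "0")) for k in
                   ("Memory threats detected", "Registry threats detected",
                    "File threats detected"))
    stores = {m.group("store") for m in map(COOKIE_STORE_RE.match, cookie_items) if m}
    return {
        "scan_type": meta.get("Scan type"),
        "reported_threats": reported,
        "listed_threats": listed,
        "counts_match": reported == listed,
        "tracking_cookies": len(cookie_items),
        "cookie_stores": sorted(stores),
        "needs_followup": suspicious,
    }


def triage_text(text):
    meta, detections = parse_sas_log(text)
    return triage(meta, detections)


if __name__ == "__main__":
    report = triage_text(SAMPLE_LOG)
    print(f"{report['scan_type']}: {report['reported_threats']} reported, "
          f"{report['tracking_cookies']} of them tracking cookies")
    for category, items in report["needs_followup"].items():
        print(f"FOLLOW UP {category}: {', '.join(items)}")
```

Run against the log posted above, `needs_followup` comes back empty and `tracking_cookies` is 116, which is exactly the reading a helper gives it: nothing in that SAS run explains the Password.Stealer detection, so the investigation has to continue with the other tools Broni asked for.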
     
  13. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    It says my posts must be accepted by a moderator?

    And sorry for the delay, as I kind of dozed off during the scan.

    Also, I turned off the Windows restore feature, as in a virus case they would survive the boot, so I assumed they were using Windows restore.

    Should I turn that back on?
     
  14. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    No.
     
  15. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    And MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: EP45-UD3L
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 166):
    0x02E4F000 \SystemRoot\system32\ntoskrnl.exe
    0x02E06000 \SystemRoot\system32\hal.dll
    0x00BD3000 \SystemRoot\system32\kdcom.dll
    0x00CCB000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D0F000 \SystemRoot\system32\PSHED.dll
    0x00D23000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00E62000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F06000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01010000 \SystemRoot\System32\Drivers\spsp.sys
    0x01136000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x0113F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x0116E000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x011C5000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x011CF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F15000 \SystemRoot\system32\DRIVERS\pci.sys
    0x011DC000 \SystemRoot\System32\drivers\partmgr.sys
    0x00F48000 \SystemRoot\system32\DRIVERS\ssidrv.sys
    0x00F6E000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F83000 \SystemRoot\System32\drivers\volmgrx.sys
    0x011F1000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x01000000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00FDF000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00E09000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00E33000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00D81000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00E3E000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0128E000 \SystemRoot\system32\DRIVERS\PCGenFAM.sys
    0x01432000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x012C3000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015D5000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01321000 \SystemRoot\System32\Drivers\cng.sys
    0x015EF000 \SystemRoot\System32\drivers\pcw.sys
    0x01400000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0161C000 \SystemRoot\system32\drivers\ndis.sys
    0x0170E000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0176E000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01801000 \SystemRoot\System32\drivers\tcpip.sys
    0x01799000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x017E3000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x01394000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017F3000 \SystemRoot\System32\Drivers\spldr.sys
    0x01600000 \SystemRoot\SysWOW64\speedfan.sys
    0x01200000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01607000 \SystemRoot\System32\Drivers\mup.sys
    0x0140A000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0123A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01413000 \SystemRoot\system32\DRIVERS\disk.sys
    0x00DCD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01274000 \SystemRoot\System32\Drivers\AVGIDSwa.sys
    0x02CBE000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02CE8000 \SystemRoot\System32\Drivers\Null.SYS
    0x02CF1000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02CF8000 \SystemRoot\System32\drivers\vga.sys
    0x02D06000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02D2B000 \SystemRoot\System32\drivers\watchdog.sys
    0x02D3B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02D44000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02D4D000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02D56000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02D61000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02D72000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02D90000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02D9D000 \SystemRoot\System32\Drivers\avgtdia.sys
    0x02C00000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03A6A000 \SystemRoot\system32\drivers\afd.sys
    0x03AF4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03AFD000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03B23000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03B32000 \SystemRoot\system32\DRIVERS\serial.sys
    0x03B4F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03B6A000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03B7E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03BCF000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03BDB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03BE6000 \SystemRoot\System32\drivers\discache.sys
    0x03C60000 \SystemRoot\system32\drivers\csc.sys
    0x03CE3000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03D01000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03D12000 \SystemRoot\System32\Drivers\avgmfx64.sys
    0x03D1A000 \SystemRoot\System32\Drivers\avgldx64.sys
    0x03D61000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03D87000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x03D9D000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x03E8C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x048CE000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04846000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x0486A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x04877000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x049C2000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x045BB000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x049D3000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x049E0000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\parport.sys
    0x049EC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03E1D000 \SystemRoot\System32\Drivers\awdj4hok.SYS
    0x03E62000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x03E72000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x045ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03C24000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03DE3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03A21000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03C53000 \SystemRoot\system32\DRIVERS\taphss.sys
    0x03A3B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x03A46000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03A55000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x049F9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02C45000 \SystemRoot\system32\DRIVERS\ks.sys
    0x02C88000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04C71000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04CCB000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x04CD6000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04CEB000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x04D0E000 \SystemRoot\system32\drivers\portcls.sys
    0x04D4B000 \SystemRoot\system32\drivers\drmk.sys
    0x04D6D000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05C01000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x05DEE000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x05DFA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04DB7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04DC0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x04DDD000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04C00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04C19000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x00080000 \SystemRoot\System32\win32k.sys
    0x04C27000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04C33000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x04C46000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x04C53000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x04D73000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x004D0000 \SystemRoot\System32\TSDDD.dll
    0x00940000 \SystemRoot\System32\ATMFD.DLL
    0x006C0000 \SystemRoot\System32\cdd.dll
    0x026A5000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x026F9000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02707000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x02713000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x0271C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x0272F000 \SystemRoot\system32\drivers\luafv.sys
    0x02752000 \SystemRoot\system32\DRIVERS\ssfmonm.sys
    0x02762000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02783000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02798000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x027B0000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys
    0x027BC000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys
    0x027C8000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys
    0x05E76000 \SystemRoot\system32\drivers\HTTP.sys
    0x05F3E000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x05F5C000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x05F74000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x05FA1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x05E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07C21000 \SystemRoot\system32\drivers\peauth.sys
    0x07CC7000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x07CD2000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x07CFF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07D11000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x02600000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07D79000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x77B70000 \Windows\System32\ntdll.dll
    0x48350000 \Windows\System32\smss.exe
    0xFFE90000 \Windows\System32\apisetschema.dll

    Processes (total 75):
    0 System Idle Process
    4 System
    244 C:\Windows\System32\smss.exe
    376 csrss.exe
    448 C:\Windows\System32\wininit.exe
    464 csrss.exe
    472 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    480 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    536 C:\Windows\System32\services.exe
    552 C:\Windows\System32\lsass.exe
    560 C:\Windows\System32\lsm.exe
    712 C:\Windows\System32\svchost.exe
    720 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    768 C:\Windows\System32\winlogon.exe
    984 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    396 C:\Windows\System32\svchost.exe
    380 C:\Windows\System32\atiesrxx.exe
    1056 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1268 C:\Windows\System32\svchost.exe
    1384 C:\Windows\System32\svchost.exe
    1456 C:\Windows\System32\atieclxx.exe
    1556 C:\Windows\System32\spoolsv.exe
    1688 C:\Windows\System32\taskhost.exe
    1712 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    1796 C:\Windows\System32\dwm.exe
    1860 C:\Windows\explorer.exe
    1340 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2184 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    2344 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    2352 C:\Windows\System32\conhost.exe
    2564 C:\Windows\System32\svchost.exe
    2704 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    2748 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2988 C:\Windows\SysWOW64\PnkBstrA.exe
    3016 C:\Program Files\Soluto\SolutoService.exe
    2080 C:\Windows\System32\svchost.exe
    2084 C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
    1172 C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    2192 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2124 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    3280 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    3316 C:\Windows\splwow64.exe
    3520 C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
    3640 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    3880 C:\Windows\System32\SearchIndexer.exe
    4048 C:\Windows\System32\svchost.exe
    3076 C:\Windows\System32\svchost.exe
    3216 C:\Windows\System32\svchost.exe
    208 C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
    2920 SSU.exe
    4616 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4896 C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
    4944 C:\Program Files\razerhid.exe
    5012 C:\Program Files\razerofa.exe
    1376 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    4660 C:\Program Files (x86)\Bell\Internet Service Advisor\SSA.exe
    2828 WmiPrvSE.exe
    4512 C:\Program Files (x86)\Steam\Steam.exe
    5448 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    5656 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    5696 C:\Users\Campoli\AppData\Local\TVersity\Media Server\MediaServer.exe
    5768 C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    5912 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    5864 C:\Windows\System32\wuauclt.exe
    6012 WmiPrvSE.exe
    1592 WmiPrvSE.exe
    5004 C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
    4724 C:\Windows\System32\SearchProtocolHost.exe
    2576 C:\Windows\System32\SearchFilterHost.exe
    4664 C:\Windows\System32\notepad.exe
    4584 C:\Users\Campoli\Desktop\MBRCheck.exe
    3392 C:\Windows\System32\conhost.exe
    4468 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000AAKS-22A7B2, Rev: 01.03B01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
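The MBRCheck log above reports that the disk carries stock Windows 7 MBR code and prints a SHA1 of it. The following PowerShell is an added example, not part of the thread and not MBRCheck's own code: it parses a 512-byte MBR sector (boot signature, disk signature, partition table) and hashes the bootstrap code area at offsets 0-439. The page does not state which byte range MBRCheck hashes, so the SHA1 this produces is only comparable to a baseline taken with this same function on a known-clean install of the same Windows build, not to the value in the log.

```powershell
# Added example, not MBRCheck's code. Parse a raw MBR sector and hash its
# bootstrap code so it can be compared against a known-good baseline.

function Parse-Mbr {
    param([Parameter(Mandatory)][byte[]]$Sector)
    if ($Sector.Length -ne 512) { throw "MBR sector must be exactly 512 bytes, got $($Sector.Length)" }

    # Boot signature 0x55 0xAA lives at offsets 510-511.
    $signatureOk = ($Sector[510] -eq 0x55) -and ($Sector[511] -eq 0xAA)

    # Bootstrap code occupies offsets 0-439; the 4-byte disk signature follows at 440.
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    $codeHash = ($sha1.ComputeHash($Sector, 0, 440) | ForEach-Object { $_.ToString('X2') }) -join ''
    $diskSig = '0x{0:X8}' -f [BitConverter]::ToUInt32($Sector, 440)

    # Four 16-byte partition entries start at offset 446.
    $partitions = for ($i = 0; $i -lt 4; $i++) {
        $o = 446 + 16 * $i
        if ($Sector[$o + 4] -eq 0) { continue }   # type 0x00 = empty slot
        [pscustomobject]@{
            Index    = $i
            Bootable = (($Sector[$o] -band 0x80) -ne 0)
            Type     = '0x{0:X2}' -f $Sector[$o + 4]   # 0x07 = NTFS/exFAT, 0x0C = FAT32 LBA, 0xEE = GPT protective
            StartLba = [BitConverter]::ToUInt32($Sector, $o + 8)
            Sectors  = [BitConverter]::ToUInt32($Sector, $o + 12)
        }
    }

    [pscustomobject]@{
        BootSignatureOk = $signatureOk
        DiskSignature   = $diskSig
        BootCodeSha1    = $codeHash
        Partitions      = @($partitions)
    }
}

function Read-FirstSector {
    # Reads sector 0 of a raw disk; needs an elevated prompt.
    param([string]$Device = '\\.\PhysicalDrive0')
    $fs = New-Object System.IO.FileStream($Device, [System.IO.FileMode]::Open,
            [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite, 512)
    try {
        $buf = New-Object byte[] 512
        if ($fs.Read($buf, 0, 512) -ne 512) { throw "Short read from $Device" }
        $buf
    } finally { $fs.Dispose() }
}

# Constructed sample, not the disk from the thread: empty boot code, one
# bootable NTFS partition starting at LBA 2048, valid boot signature.
$sample = New-Object byte[] 512
$sample[446] = 0x80; $sample[446 + 4] = 0x07
[BitConverter]::GetBytes([uint32]2048).CopyTo($sample, 446 + 8)
[BitConverter]::GetBytes([uint32]975000000).CopyTo($sample, 446 + 12)
$sample[510] = 0x55; $sample[511] = 0xAA
$parsed = Parse-Mbr $sample
$parsed | Format-List
$parsed.Partitions | Format-Table -AutoSize

# Live disk, from an elevated PowerShell:  Parse-Mbr (Read-FirstSector) | Format-List
```

A missing 0x55AA signature, a partition type of 0xEE on a disk that should be plain MBR, or a BootCodeSha1 that differs from the clean-install baseline are the three things worth a second look; bootkits rewrite the bootstrap code while leaving the partition table intact, which is why the hash covers only bytes 0-439.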
     
  16. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    So I should leave it off?
     
  17. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Sorry for the miscommunication :)
    Leave it on.
    It's better to have an infected restore point (for now) than none.

    MBRCheck looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
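The custom-scan list above asks OTL for MD5s of user32.dll, ws2_32.dll and ws2help.dll, and for the Windows Update policy key and last-success time. The PowerShell below is an added example, not from the thread and not OTL's code; it reproduces those checks with built-in cmdlets so the results can be compared against a clean machine. Winsock hooks and user32 patches show up as a hash change or a broken signature, and an AU policy key nobody created is a common way an infection keeps a box unpatched. Run it from 64-bit PowerShell on 64-bit Windows so both the System32 and SysWOW64 copies are reached without path redirection.

```powershell
# Added example, not OTL's code. Hash and signature-check the DLLs the OTL
# custom scan names, and read the Windows Update policy state.

$watchedDlls = 'user32.dll', 'ws2_32.dll', 'ws2help.dll'

function Get-SystemDllReport {
    param([string[]]$Names = $watchedDlls)
    $dirs = @((Join-Path $env:windir 'System32'), (Join-Path $env:windir 'SysWOW64'))
    foreach ($name in $Names) {
        foreach ($dir in $dirs) {
            $path = Join-Path $dir $name
            if (-not (Test-Path -LiteralPath $path)) { continue }
            # System DLLs are catalog-signed, not embedded-signed. Newer Windows
            # PowerShell resolves catalog signatures and reports Valid; older
            # versions report NotSigned for the same untouched file, so on an old
            # host a NotSigned result is not proof of tampering: compare hashes.
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Path      = $path
                Version   = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
                MD5       = (Get-FileHash -Algorithm MD5 -LiteralPath $path).Hash
                SHA256    = (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

function Get-WindowsUpdateState {
    # NoAutoUpdate = 1, or a policy key on a home PC that no administrator
    # created, deserves attention. Results\Install\LastSuccessTime is populated
    # on Windows 7; newer builds may leave it absent.
    $au  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    $res = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AuPolicyKeyPresent = [bool]$au
        NoAutoUpdate       = $au.NoAutoUpdate
        AUOptions          = $au.AUOptions
        LastSuccessTime    = $res.LastSuccessTime
    }
}

Get-SystemDllReport | Format-Table Path, Version, Signature, SHA256 -AutoSize
Get-WindowsUpdateState | Format-List
```

Keep the report from a clean install of the same build and compare the SHA256 column rather than the MD5 one; MD5 is listed only because that is what the OTL scan above reports, and a collision-resistant hash is the better baseline.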
     
  18. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    The logs are too long, so I'll attach them.
     

    Attached Files:

  19. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      kabaker*
      wowp*
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  20. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 13:16 on 15/08/2010 by Campoli (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "kabaker*"
    No files found.

    Searching for "wowp*"
    No files found.

    -=End Of File=-
     
  21. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Good :)

    You're running very low on C drive free space.
    It's time to start moving some stuff out of it.

    ====================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKCU..\Run: [AdobeBridge]  File not found
      O4 - HKCU..\Run: [DirectPlayerCore] C:\Program Files (x86)\NBC Direct\DirectPlayerCore.exe File not found
      O4 - HKCU..\Run: [Video Library] C:\Users\Campoli\AppData\Local\Temp\Rpcqt.DLL File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O33 - MountPoints2\{b318e8a8-f290-11de-9060-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{b318e8a8-f290-11de-9060-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2009/10/19 15:30:16 | 002,217,232 | ---- | M] ()
      O33 - MountPoints2\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
      [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [2010/07/22 16:43:54 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
      [2010/07/22 16:43:52 | 000,000,852 | ---- | C] () -- C:\Users\Campoli\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
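The O4 lines in the fix above are HKCU Run values whose target no longer exists, one of them a DLL under the user's Temp folder, and the O33 lines are per-volume AutoRun commands cached in MountPoints2; the Password.Stealer value Malwarebytes kept finding lived in that same HKCU Run key. The PowerShell below is an added example, not from the thread and not OTL's code: it walks those autostart locations and flags entries whose target is missing, sits in a user-writable profile or temp directory, or fails signature validation. The key list and the heuristics are this example's assumptions, not OTL's rules. Run it from 64-bit PowerShell so the Wow6432Node view is reached as written.

```powershell
# Added example, not OTL's code. Audit Run/RunOnce keys and MountPoints2
# AutoRun commands for dangling, user-writable or unsigned autostarts.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Heuristic: autostarts launched from these trees get a flag. Legitimate
# software does this too, so read the output rather than acting on it blindly.
$userWritableRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData) | Where-Object { $_ }

function Get-CommandPath {
    # Extract the program path from a Run value: "quoted path" args,
    # rundll32 <dll>,<entry>, or an unquoted path that contains spaces.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"([^"]+)"')                      { return $Matches[1] }
    if ($cmd -match '^rundll32(\.exe)?\s+"?([^",]+)')  { return $Matches[2].Trim() }
    if ($cmd -match '^(.+?\.(exe|dll|scr|com|bat|cmd|vbs|js|pif))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-Autostart {
    param([string]$Source, [string]$Name, [string]$Command)
    $target = Get-CommandPath $Command
    $exists = -not [string]::IsNullOrEmpty($target) -and (Test-Path -LiteralPath $target -PathType Leaf)
    $flags = @()
    if (-not $exists) { $flags += 'FILE-NOT-FOUND' }      # dangling entry, like the O4 lines above
    foreach ($root in $userWritableRoots) {
        if ($target -like "$root\*") { $flags += 'USER-WRITABLE-DIR'; break }
    }
    if ($exists) {
        $status = (Get-AuthenticodeSignature -FilePath $target).Status
        if ($status -ne 'Valid') { $flags += "SIG-$status" }
    }
    [pscustomobject]@{ Source = $Source; Name = $Name; Target = $target; Flags = ($flags -join ','); Command = $Command }
}

function Get-RunEntries {
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -in $meta) { continue }
            Test-Autostart -Source $key -Name $p.Name -Command ([string]$p.Value)
        }
    }
}

function Get-MountPointAutoruns {
    # Explorer caches each volume's AutoRun command here; a command pointing at
    # an .exe on removable media is the pattern behind the O33 lines above.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $base)) { return }
    foreach ($vol in Get-ChildItem -Path $base) {
        $cmdKey = Join-Path $vol.PSPath 'Shell\AutoRun\command'
        if (-not (Test-Path $cmdKey)) { continue }
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        if ($cmd) { Test-Autostart -Source 'MountPoints2' -Name $vol.PSChildName -Command $cmd }
    }
}

$all = @(Get-RunEntries) + @(Get-MountPointAutoruns)
$all | Format-Table Source, Name, Flags, Target -AutoSize -Wrap
# Only the entries that raised a flag:
$all | Where-Object { $_.Flags } | Format-Table Source, Name, Flags, Command -AutoSize -Wrap
```

An entry that comes back after every scan, as the Password.Stealer value did at the start of this thread, means something still running is rewriting it; re-run this audit after a reboot and compare the two listings before trusting a "Quarantined and deleted successfully" line.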
     
  22. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DirectPlayerCore deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Video Library deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
    C:\Windows\Downloaded Program Files\sysreqlabdetect.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gcf\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9875BFAF-B04D-445E-8A69-BE36838CDE3E}\ not found.
    File {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
    File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
    File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b318e8a8-f290-11de-9060-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b318e8a8-f290-11de-9060-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b318e8a8-f290-11de-9060-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b318e8a8-f290-11de-9060-806e6f6e6963}\ not found.
    File move failed. D:\Installer.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\ not found.
    File D:\autorun.exe not found.
    C:\ProgramData\xml9C2E.tmp deleted successfully.
    C:\ProgramData\xml9ECD.tmp deleted successfully.
    C:\ProgramData\xml9FD8.tmp deleted successfully.
    C:\Windows\SysWOW64\AK083E209605E394C.lie moved successfully.
    C:\Users\Campoli\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Campoli
    ->Temp folder emptied: 559653 bytes
    ->Temporary Internet Files folder emptied: 6498094 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 29107476 bytes
    ->Flash cache emptied: 343 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 13488 bytes

    Total Files Cleaned = 35.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Campoli
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08152010_133738

    Files\Folders moved on Reboot...
    File move failed. D:\Installer.exe scheduled to be moved on reboot.
    C:\Users\Campoli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Campoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCVZ67US\ads[3].txt moved successfully.
    C:\Users\Campoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZB5AQNQ\ads[1].txt moved successfully.

    Registry entries deleted on Reboot...
     
  23. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    ...and "Quick scan"...
     
  24. Tooji

    Tooji TS Rookie Topic Starter Posts: 31

    Do I still put the lines of code?

    Sorry for my noobiness :(
     
  25. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    No worries and no, just "Quick scan".
     
Topic Status:
Not open for further replies.

