Inactive Malwarebytes keeps finding password.stealer


Tooji

Ok this is a long story but I'll try to make it short.

I started playing WoW 1 week ago (yes I know). A couple of days into the game a phisher tells me that I've been invited to the beta of the upcoming expansion. Being new and ignorant I went to the phishing site but Google Chrome told me so, so I never actually entered (though I've been told that they can still phish if this happens).

My WoW account and email were both compromised.

I ran the Microsoft full virus scan - no results

Ran AVG free version scan - no results

Ran AVG paid version - Tons of Trojans (almost 38) all deleted and quarantined after reboot

Ran Malwarebytes - Finds Password.Stealer

EVERY TIME I RUN IT, IT FINDS IT, EVEN IF I SAY REMOVE

It tells me that it was successfully removed and quarantined

Excuse my noobiness at this point but here is the log

I also have Spybot running a few searches

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org


Database version: 4428

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14/08/2010 11:14:25 PM
mbam-log-2010-08-14 (23-14-25).txt

Scan type: Quick scan
Objects scanned: 144627
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\configuring (Password.Stealer) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
 
Alrighty all done

Take note of these boot errors

There was a problem starting C:\users\Campoli\AppData\Local\Temp\Rpcqt.dll

The specified module could not be found

and

There was a problem starting C:\users\Campoli\AppData\Local\Temp\1258725.txt

The specified module could not be found

For the above, I recall seeing this text document among the infected by the trojan when my Malwarebytes originally found 40 trojans


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4431

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/08/2010 12:32:13 AM
mbam-log-2010-08-15 (00-32-13).txt

Scan type: Quick scan
Objects scanned: 142060
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\configuring (Password.Stealer) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------

GMER is all blank except for these oddities when launching and initiating scan

When Launching GMER: C:\Windows\system32\config\system: The system cannot find the file specified.

When initiating scan: C:\Windows\system32\config\system: The system cannot access the file because it is being used by another process.

Got the same errors when run in safe mode, but the scan still ran and said that nothing was modified

-----------------------

Putting DDS in next reply since it makes this too long
 

Attachments: Attach.txt (13.2 KB)
First third of DDS

DDS attached is in previous reply


DDS (Ver_10-03-17.01) - NTFSX64
Run by Campoli at 1:04:05.43 on 15/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.4094.2347 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\razerhid.exe
C:\Program Files\razerofa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files (x86)\Bell\Internet Service Advisor\SSA.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\program files (x86)\steam\steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Campoli\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Users\Campoli\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Campoli\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\hotspot_shield\tbHot1.dll
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\hotspot_shield\tbHot1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\hotspot_shield\tbHot1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files (x86)\google\chrome frame\application\6.0.472.33\npchrome_frame.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files (x86)\hotspot shield\hssie\HssIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\hotspot_shield\tbHot1.dll
uRun: [AdobeBridge]
uRun: [Video Library] "c:\windows\system32\rundll32.exe" c:\users\campoli\appdata\local\temp\Rpcqt.dll,Sets
uRun: [SpybotSD TeaTimer] "c:\program files (x86)\spybot - search & destroy\TeaTimer.exe"
uRun: [DirectPlayerCore] "c:\program files (x86)\nbc direct\DirectPlayerCore.exe"
uRun: [Configuring] rundll32.exe c:\users\campoli\appdata\local\temp\1258725.txt,W
mRun: [AVG9_TRAY] "c:\progra~2\avg\avg9\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {A5773954-EEA2-4498-B7C6-FFC690C0A07C} = 10.4.48.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files (x86)\google\chrome frame\application\6.0.472.33\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files (x86)\daemon tools toolbar\DTToolbar64.dll
TB-X64: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File
mRun-x64: [RtHDVCpl] "c:\program files\realtek\audio\hda\RAVCpl64.exe" -s
mRun-x64: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
AppInit_DLLs-X64: avgrssta.dll
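
A triage sketch for the autorun section of the DDS log above, added here as an example and not part of the original thread: it parses the `uRun`/`mRun` lines, flags `rundll32` entries whose module sits in a Temp directory or does not have a DLL extension, and ties each entry to the Malwarebytes registry detection with the same value name. The flag names, the `.dll`/`.cpl` allow-list and the reading of `u`/`m` as HKCU/HKLM are assumptions of this example; the sample lines are copied from the logs posted in the thread.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Sample input: autorun lines from the DDS log and the detection line from
# the Malwarebytes log, as posted in this thread.
DDS_LINES = r"""
uRun: [AdobeBridge]
uRun: [Video Library] "c:\windows\system32\rundll32.exe" c:\users\campoli\appdata\local\temp\Rpcqt.dll,Sets
uRun: [SpybotSD TeaTimer] "c:\program files (x86)\spybot - search & destroy\TeaTimer.exe"
uRun: [DirectPlayerCore] "c:\program files (x86)\nbc direct\DirectPlayerCore.exe"
uRun: [Configuring] rundll32.exe c:\users\campoli\appdata\local\temp\1258725.txt,W
mRun: [AVG9_TRAY] "c:\progra~2\avg\avg9\avgtray.exe"
""".splitlines()

MBAM_LINES = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\configuring"
    r" (Password.Stealer) -> Quarantined and deleted successfully.",
]

# "uRun: [name] command" (per-user) or "mRun: [name] command" (machine-wide).
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:-x64)?: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# rundll32 <module>,<export>, with or without a quoted full path to rundll32.
RUNDLL_RE = re.compile(
    r'^"?[^"]*?rundll32(?:\.exe)?"?\s+(?P<module>.+?),(?P<export>\S+)\s*$',
    re.IGNORECASE,
)
# Malwarebytes "Registry Values Infected" line for a Run value.
MBAM_RE = re.compile(
    r"^(?P<root>HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\.*\\Run\\(?P<name>.+?)"
    r" \((?P<det>[^)]+)\) ->"
)
# Assumption: DDS prefix "u" is the HKCU Run key and "m" the HKLM Run key.
HIVE = {"HKEY_CURRENT_USER": "u", "HKEY_LOCAL_MACHINE": "m"}
LOADABLE = {".dll", ".cpl"}  # assumption: extensions expected for rundll32


def parse_run_entries(lines):
    """Return one dict (hive, name, cmd) per autorun line."""
    entries = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def rundll32_flags(cmd):
    """Heuristic flags for a rundll32 command line; empty list otherwise."""
    m = RUNDLL_RE.match(cmd)
    if not m:
        return []
    module = m.group("module").strip('"').lower()
    flags = []
    if "\\temp\\" in module:
        flags.append("rundll32-module-in-temp")
    if ntpath.splitext(module)[1] not in LOADABLE:
        flags.append("rundll32-module-not-dll")
    return flags


def parse_detections(lines):
    """Map (hive, lowercased value name) to the detection names reported."""
    hits = {}
    for line in lines:
        m = MBAM_RE.match(line.strip())
        if m:
            key = (HIVE[m.group("root")], m.group("name").lower())
            hits.setdefault(key, []).append(m.group("det"))
    return hits


def triage(dds_lines, mbam_lines):
    """Return autorun entries that are flagged or match a scanner detection."""
    hits = parse_detections(mbam_lines)
    findings = []
    for e in parse_run_entries(dds_lines):
        flags = rundll32_flags(e["cmd"])
        # Registry value names are case-insensitive, so compare lowercased.
        dets = hits.get((e["hive"], e["name"].lower()), [])
        if flags or dets:
            findings.append({**e, "flags": flags, "detections": dets})
    return findings


if __name__ == "__main__":
    for f in triage(DDS_LINES, MBAM_LINES):
        print(f["hive"] + "Run", f["name"], f["flags"], f["detections"], f["cmd"])
```

Both flagged module paths are the same files named in the boot errors quoted earlier in the thread.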
 
Second third of DDS

================= FIREFOX ===================

FF - ProfilePath - c:\users\campoli\appdata\roaming\mozilla\firefox\profiles\djypkqmi.default\
FF - plugin: c:\program files (x86)\bell\internet service advisor\nprpspa.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files (x86)\nbc direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\campoli\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\campoli\appdata\roaming\idm\bin\flash\platform\winnt\plugins\npidmdcp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7a;AVG Free9IDSErHr;c:\windows\system32\drivers\AVGIDSwa.sys [2010-8-13 27216]
R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-6-11 195016]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-8-13 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-8-13 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-8-13 317520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-6 203264]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-8-13 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-8-13 308136]
R2 AVGIDSAgent;AVG Free9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-13 5897808]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-11-30 27136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-14 1153368]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-2 338464]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2010-8-13 55360]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files (x86)\webroot\security\current\plugins\antimalware\AEI.exe [2010-8-13 3858168]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-7-6 7195648]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-6 265728]
R3 AVGIDSDriverw7a;AVG Free9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSDriver.sys [2010-8-13 132688]
R3 AVGIDSFilterw7a;AVG Free9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSFilter.sys [2010-8-13 35920]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-24 135664]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-25 25832]
S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-12-15 12744]
S3 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\hotspot shield\bin\hsswd.exe -product hss --> c:\program files (x86)\hotspot shield\bin\hsswd.exe -product HSS [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-1-23 55808]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2009-11-30 50688]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-11-30 24064]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2010\RpcAgentSrv.exe [2010-1-16 93336]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2009-11-30 50688]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-2 1255736]
S3 WRConsumerService;Webroot Client Service;c:\program files (x86)\webroot\security\current\framework\WRConsumerService.exe [2010-7-28 3020184]

=============== Created Last 30 ================

2010-08-14 16:38:00 20 ----a-w- c:\windows\syswow64\SYSTEM
2010-08-14 16:20:51 0 d-----w- c:\users\campoli\appdata\roaming\Malwarebytes
2010-08-14 16:17:26 0 d-----w- c:\programdata\Malwarebytes
2010-08-14 16:17:24 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-14 16:17:24 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-14 16:03:34 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-14 16:03:34 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-08-14 04:03:20 0 d--h--w- C:\$AVG
2010-08-14 01:53:40 27216 ----a-w- c:\windows\system32\drivers\AVGIDSwa.sys
2010-08-13 21:57:56 28176 ----a-w- c:\windows\syswow64\wrLZMA.dll
2010-08-13 21:57:53 55360 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-08-13 21:57:53 136224 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-08-13 21:56:41 0 d-----w- c:\program files (x86)\Webroot
2010-08-13 21:56:39 0 dc-h--w- c:\programdata\{E641F73D-EC02-4FD2-999F-DE3E354C12F7}
2010-08-13 21:55:56 0 d-----w- c:\programdata\Webroot
2010-08-13 19:05:15 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-08-13 19:05:14 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-08-13 19:05:10 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-08-13 19:05:09 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-08-13 19:05:09 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-13 19:03:18 0 d-----w- c:\programdata\avg9
2010-08-13 18:52:42 0 d-----w- c:\program files (x86)\AVG
2010-08-11 15:10:14 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:10:14 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:10:14 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-11 15:10:09 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 15:10:09 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-11 15:10:00 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-02 17:20:43 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-27 22:41:48 0 d-----w- c:\program files (x86)\StarCraft II
2010-07-27 22:19:05 0 d-----w- c:\programdata\ATI
2010-07-27 22:14:39 0 d-----w- c:\users\campoli\SC2-WingsOfLiberty-enUS-Installer
2010-07-26 15:46:27 0 d-----w- c:\program files\iTunes
2010-07-26 15:46:27 0 d-----w- c:\program files\iPod
2010-07-26 15:46:27 0 d-----w- c:\program files (x86)\iTunes
2010-07-24 02:28:50 0 d-----w- c:\program files (x86)\IObit
2010-07-23 01:45:34 0 d-----w- c:\program files (x86)\Starcraft
2010-07-22 20:43:54 42 ----a-w- c:\windows\syswow64\AK083E209605E394C.lie
2010-07-22 20:43:51 0 d-----w- c:\program files\Perfect Uninstaller
2010-07-17 02:32:57 0 d-----w- c:\users\campoli\appdata\roaming\NBC Direct
2010-07-17 02:32:53 0 d-----w- c:\users\campoli\appdata\roaming\IDM
2010-07-17 02:32:52 0 d---a-w- c:\program files (x86)\NBC Direct
2010-07-17 02:32:52 0 d-----w- c:\programdata\NBC Direct
2010-07-16 19:01:07 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-07-16 18:58:55 0 d-----w- c:\program files\Bonjour
2010-07-16 18:58:55 0 d-----w- c:\program files (x86)\Bonjour
2010-07-16 15:35:31 144384 ----a-w- c:\windows\system32\cdd.dll
 
Final third


==================== Find3M ====================

2010-08-15 05:00:42 5819 ----a-w- c:\program files\RazerTe.ini
2010-08-02 03:02:14 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-02 03:02:14 109080 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-07 02:30:08 7195648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-07-07 02:16:20 20118528 ----a-w- c:\windows\system32\atio6axx.dll
2010-07-07 01:55:08 15461888 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-07-07 01:54:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:54:08 513024 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-07-07 01:53:20 594432 ----a-w- c:\windows\system32\aticfx64.dll
2010-07-07 01:51:30 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51:26 462336 ----a-w- c:\windows\system32\atieclxx.exe
2010-07-07 01:50:54 203264 ----a-w- c:\windows\system32\atiesrxx.exe
2010-07-07 01:49:48 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-07-07 01:49:36 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-07-07 01:49:28 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-07-07 01:49:18 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-07-07 01:49:14 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-07-07 01:49:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-07-07 01:49:06 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-07-07 01:46:26 3826688 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-07-07 01:37:36 4463616 ----a-w- c:\windows\system32\atidxx64.dll
2010-07-07 01:30:12 2785792 ----a-w- c:\windows\system32\atiumd6a.dll
2010-07-07 01:29:26 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-07-07 01:29:24 46080 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-07-07 01:29:16 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-07-07 01:29:14 44032 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-07-07 01:29:06 5378560 ----a-w- c:\windows\system32\aticaldd64.dll
2010-07-07 01:28:20 3975680 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-07-07 01:27:58 4323840 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-07-07 01:24:34 55296 ----a-w- c:\windows\system32\coinst.dll
2010-07-07 01:23:14 3058688 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-07-07 01:22:26 5099008 ----a-w- c:\windows\system32\atiumd64.dll
2010-07-07 01:16:06 335872 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:16:02 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-07-07 01:15:54 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-07-07 01:15:50 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll

============= FINISH: 1:05:25.39 ===============

Thanks for any help!
 
Don't worry about any errors for now.
Your computer is definitely infected.

GMER won't run on Win 7 64-bit.

======================================================================

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.

  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
 
I forgot to tell you that before doing that process I did the TFC that was put in the 8-step guide.

OK, I'm gonna go follow your steps now.
 
Oh yeah and btw I turned off system restoration when I was doing some virus scans earlier as they seemed to be surviving the reboot. Should I turn it on or leave it off?

and here is the sas log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/15/2010 at 03:39 AM

Application Version : 4.41.1000

Core Rules Database Version : 5347
Trace Rules Database Version: 3170

Scan type : Complete Scan
Total Scan Time : 01:40:28

Memory items scanned : 344
Memory threats detected : 0
Registry items scanned : 13980
Registry threats detected : 0
File items scanned : 278060
File threats detected : 116

Adware.Tracking Cookie
 
It says my posts must be accepted by a moderator?

And sorry for the delay as I kind of dozed off during the scan

Also I turned off the windows restore feature as in a virus case they would survive the boot so I assumed they were using the windows restore.

Should I turn that back on?
 
Oh yeah and btw I turned off system restoration when I was doing some virus scans earlier as they seemed to be surviving the reboot. Should I turn it on or leave it off?
No.
 
And MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP45-UD3L
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 166):

Processes (total 75):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-22A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Sorry for miscommunication :)
Leave it on.
It's better to have an infected restore point (for now) than none.

MBRCheck looks good :)

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The log is too long so I'll attach them.
 

Attachments

  • OTL.Txt
    124.2 KB · Views: 2
  • Extras.Txt
    55.8 KB · Views: 1
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    Code:
    :filefind
    kabaker*
    wowp*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:16 on 15/08/2010 by Campoli (Administrator - Elevation successful)

========== filefind ==========

Searching for "kabaker*"
No files found.

Searching for "wowp*"
No files found.

-=End Of File=-
 
Good :)

You're running very low on C drive free space:
Drive C: | 465.76 Gb Total Space | 54.31 Gb Free Space | 11.66% Space Free
It's time to start moving some stuff out of it.

====================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [AdobeBridge]  File not found
    O4 - HKCU..\Run: [DirectPlayerCore] C:\Program Files (x86)\NBC Direct\DirectPlayerCore.exe File not found
    O4 - HKCU..\Run: [Video Library] C:\Users\Campoli\AppData\Local\Temp\Rpcqt.DLL File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
    O18:[b]64bit:[/b] - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{b318e8a8-f290-11de-9060-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{b318e8a8-f290-11de-9060-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2009/10/19 15:30:16 | 002,217,232 | ---- | M] ()
    O33 - MountPoints2\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2010/07/22 16:43:54 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
    [2010/07/22 16:43:52 | 000,000,852 | ---- | C] () -- C:\Users\Campoli\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DirectPlayerCore deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Video Library deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
C:\Windows\Downloaded Program Files\sysreqlabdetect.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gcf\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9875BFAF-B04D-445E-8A69-BE36838CDE3E}\ not found.
File {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b318e8a8-f290-11de-9060-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b318e8a8-f290-11de-9060-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b318e8a8-f290-11de-9060-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b318e8a8-f290-11de-9060-806e6f6e6963}\ not found.
File move failed. D:\Installer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecae4d48-dd1f-11de-8784-806e6f6e6963}\ not found.
File D:\autorun.exe not found.
C:\ProgramData\xml9C2E.tmp deleted successfully.
C:\ProgramData\xml9ECD.tmp deleted successfully.
C:\ProgramData\xml9FD8.tmp deleted successfully.
C:\Windows\SysWOW64\AK083E209605E394C.lie moved successfully.
C:\Users\Campoli\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Campoli
->Temp folder emptied: 559653 bytes
->Temporary Internet Files folder emptied: 6498094 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 29107476 bytes
->Flash cache emptied: 343 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 13488 bytes

Total Files Cleaned = 35.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Campoli
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08152010_133738

Files\Folders moved on Reboot...
File move failed. D:\Installer.exe scheduled to be moved on reboot.
C:\Users\Campoli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Campoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCVZ67US\ads[3].txt moved successfully.
C:\Users\Campoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZB5AQNQ\ads[1].txt moved successfully.

Registry entries deleted on Reboot...
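
A triage pass over the fix log above, as an added example that is not part of the original thread or of OTL itself: it tallies removed and already-absent items and lists any target whose move was deferred to reboot and then reported as failed again under the reboot header. The function name `triage` and the reading of a repeated failure line as "still unresolved" are assumptions; the sample lines are excerpted from the log above.

```python
import re

# Excerpt of the OTL fix log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Video Library deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File move failed. D:\Installer.exe scheduled to be moved on reboot.
File D:\autorun.exe not found.
C:\Windows\SysWOW64\AK083E209605E394C.lie moved successfully.
Files\Folders moved on Reboot...
File move failed. D:\Installer.exe scheduled to be moved on reboot.
C:\Users\Campoli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
"""

# Order matters: the deferred-move line is checked before the generic outcomes.
OUTCOMES = [
    ("pending", re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("removed", re.compile(r"^(?P<target>.+?) (?:deleted|moved) successfully\.$")),
    ("absent", re.compile(r"^(?P<target>.+?) not found\.$")),
]

def triage(log_text):
    """Summarise fix results; flag moves that failed again after the reboot."""
    result = {"removed": 0, "absent": 0, "pending": [], "unresolved": []}
    after_reboot = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Files\\Folders moved on Reboot"):
            after_reboot = True  # everything below is the post-reboot section
            continue
        for label, rx in OUTCOMES:
            m = rx.match(line)
            if m:
                break
        else:
            continue  # section headers, cache statistics, blank lines
        if label == "pending":
            # Assumption: the same failure line after reboot means the move never happened.
            bucket = "unresolved" if after_reboot else "pending"
            result[bucket].append(m.group("target"))
        else:
            result[label] += 1
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Anything listed under `unresolved` is worth checking by hand, since the fix script reported it as scheduled but the post-reboot section does not show it as moved.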
 