
Redirect virus, AVG won't run, PC fails to boot if restarted. Help Please.

Discussion in 'Virus & Other Malware Removal' started by rad_man, Jan 14, 2012.

Thread Status:
Not open for further replies.
  1. rad_man

    rad_man Thread Starter

    Joined:
    Jan 14, 2012
    Messages:
    5
    My PC has a redirect virus. I've scanned with Malwarebytes and AVG in safe mode without networking, nothing. It fails to boot until system restored, which says it fails but boots up after anyway. My AVG will not run when the system boots, it is somehow disabled, only option is to reinstall. If you see from the logs I've installed it a few times.

    Logs are as follows:

    HIJACK THIS

    DDS LOG
    See Attachment. Thanks guys. (y)
     


  2. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Hi and Welcome.

    Let's give it a try. You will need a USB (Flash) pendrive.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Click on Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
     
  3. rad_man

    rad_man Thread Starter

    Joined:
    Jan 14, 2012
    Messages:
    5
    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
    Ran by SYSTEM at 2012-01-15 00:46:29
    Running from G:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet002

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
    HKLM\...\Run: [VX1000] C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-03] (Advanced Micro Devices, Inc.)
    HKU\Xanifur\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-07-22] (Valve Corporation)
    HKU\Xanifur\...\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [1496528 2011-09-02] (TrueCrypt Foundation)
    HKU\Xanifur\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Xanifur\...\Run: [RGSC] C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\GTAIV\RGSCLauncher.exe /silent [306088 2008-12-12] (Take-Two Interactive Software, Inc.)
    HKLM-x32\...\RunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe [20480 2007-07-26] ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    SubSystems: [Windows] ==> ZeroAccess

    ==================== Services (Whitelisted) ======

    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7390560 2011-08-17] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
    2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2009-08-24] ()
    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2329480 2011-08-15] (LogMeIn Inc.)
    3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
    2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
    3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
    2 SDLService; "C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe" [88064 2010-02-23] ()
    2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]

    ========================== Drivers (Whitelisted) =============

    3 AODDriver; \??\C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
    1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
    1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-10] (DT Soft Ltd)
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-01-14] (Windows (R) Server 2003 DDK provider)
    3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-01-14] ()
    3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [115312 2010-01-27] (JMicron Technology Corp.)
    3 ManyCam; C:\Windows\System32\DRIVERS\ManyCam_x64.sys [27136 2008-03-12] (ManyCam LLC.)
    3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
    3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [75776 2009-11-20] (NEC Electronics Corporation)
    3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [177152 2009-11-20] (NEC Electronics Corporation)
    3 rtkio; \??\C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [17392 2010-01-20] (Windows (R) Codename Longhorn DDK provider)
    3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [2060144 2010-05-20] (Microsoft Corporation)

    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-01-14 22:40 - 2012-01-14 22:40 - 1379549 ____A C:\Users\Xanifur\Downloads\FRST64.exe
    2012-01-14 22:32 - 2012-01-14 22:32 - 0007621 ____A C:\Users\Xanifur\AppData\Local\Resmon.ResmonCfg
    2012-01-14 19:38 - 2012-01-14 19:38 - 0000531 ____A C:\Windows\KB893803v2.log
    2012-01-14 19:17 - 2012-01-14 19:17 - 0509440 ____A (Tech Support Guy System) C:\Users\Xanifur\Downloads\SysInfo.exe
    2012-01-14 19:15 - 2012-01-14 19:20 - 0017140 ____A C:\Users\Xanifur\Desktop\DDS.txt
    2012-01-14 19:14 - 2012-01-14 19:20 - 0011975 ____A C:\Users\Xanifur\Desktop\Attach.txt
    2012-01-14 19:09 - 2012-01-14 19:09 - 0607260 ____R (Swearware) C:\Users\Xanifur\Downloads\dds.com
    2012-01-14 18:48 - 2012-01-14 18:48 - 0011141 ____A C:\Users\Xanifur\Desktop\hijackthis.log
    2012-01-14 18:46 - 2012-01-14 18:46 - 0011141 ____A C:\Users\Xanifur\Downloads\hijackthis.log
    2012-01-14 18:43 - 2012-01-14 18:43 - 0388608 ____A (Trend Micro Inc.) C:\Users\Xanifur\Downloads\HijackThis.exe
    2012-01-14 18:41 - 2012-01-14 18:41 - 0000000 ____D C:\Windows\pss
    2012-01-14 18:40 - 2012-01-14 18:40 - 0089894 ____A C:\Users\Xanifur\Documents\cc_20120114_203949 1-14-12.reg
    2012-01-14 15:12 - 2012-01-14 20:03 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-01-14 15:08 - 2012-01-14 15:09 - 163649328 ____A (AVG Technologies) C:\Users\Xanifur\Downloads\avg_free_x64_all_2012_1901a4695.exe
    2012-01-14 15:07 - 2012-01-14 15:07 - 0001014 ____A C:\Users\Public\Desktop\Mumble.lnk
    2012-01-14 15:06 - 2012-01-14 15:06 - 15254016 ____A C:\Users\Xanifur\Downloads\mumble-1.2.3(1).msi
    2012-01-13 13:07 - 2012-01-13 13:07 - 0000000 ____D C:\Users\All Users\AVG Secure Search
    2012-01-13 13:07 - 2012-01-13 13:07 - 0000000 ____D C:\ProgramData\AVG Secure Search
    2012-01-13 13:04 - 2012-01-13 13:04 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\AVG2012
    2012-01-11 19:09 - 2012-01-11 19:09 - 0002378 ____A C:\Users\Xanifur\Documents\MumbleAutomaticCertificateBackup.p12
    2012-01-11 19:03 - 2012-01-14 19:35 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Mumble
    2012-01-11 19:03 - 2012-01-14 15:07 - 0000000 ____D C:\Program Files (x86)\Mumble
    2012-01-11 19:03 - 2012-01-11 19:03 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Mumble
    2012-01-11 19:01 - 2012-01-11 19:02 - 15254016 ____A C:\Users\Xanifur\Downloads\mumble-1.2.3.msi
    2012-01-11 15:43 - 2012-01-14 16:57 - 0000000 ____D C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
    2012-01-11 15:43 - 2012-01-11 15:43 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Futuremark
    2012-01-10 20:53 - 2012-01-12 22:54 - 0000000 ____D C:\Users\Xanifur\AppData\Local\SecondLife
    2012-01-10 20:53 - 2012-01-10 20:53 - 0001139 ____A C:\Users\Public\Desktop\Second Life Viewer.lnk
    2012-01-10 20:53 - 2012-01-10 20:53 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\SecondLife
    2012-01-10 20:52 - 2012-01-14 16:57 - 0000000 ____D C:\Program Files (x86)\SecondLifeViewer
    2012-01-10 20:51 - 2012-01-10 20:52 - 29343312 ____A C:\Users\Xanifur\Downloads\Second_Life_3-2-5-247236_Setup.exe
    2011-12-24 02:28 - 2011-12-24 02:28 - 0000000 ____A C:\Windows\SysWOW64\4e4e104.com.b
    2011-12-24 02:01 - 2012-01-14 22:27 - 0000350 ____A C:\Windows\Tasks\At2.job
    2011-12-24 02:01 - 2012-01-14 22:27 - 0000348 ____A C:\Windows\Tasks\At1.job
    2011-12-24 02:01 - 2012-01-14 21:27 - 0000350 ____A C:\Windows\Tasks\At48.job
    2011-12-24 02:01 - 2012-01-14 21:27 - 0000348 ____A C:\Windows\Tasks\At47.job
    2011-12-24 02:01 - 2012-01-14 20:27 - 0000350 ____A C:\Windows\Tasks\At46.job
    2011-12-24 02:01 - 2012-01-14 20:27 - 0000348 ____A C:\Windows\Tasks\At45.job
    2011-12-24 02:01 - 2012-01-14 19:27 - 0000350 ____A C:\Windows\Tasks\At44.job
    2011-12-24 02:01 - 2012-01-14 19:27 - 0000348 ____A C:\Windows\Tasks\At43.job
    2011-12-24 02:01 - 2012-01-14 15:02 - 0000348 ____A C:\Windows\Tasks\At39.job
    2011-12-24 02:01 - 2012-01-11 18:27 - 0000350 ____A C:\Windows\Tasks\At42.job
    2011-12-24 02:01 - 2012-01-11 18:27 - 0000348 ____A C:\Windows\Tasks\At41.job
    2011-12-24 02:01 - 2012-01-11 17:27 - 0000350 ____A C:\Windows\Tasks\At40.job
    2011-12-24 02:01 - 2012-01-11 16:27 - 0000350 ____A C:\Windows\Tasks\At38.job
    2011-12-24 02:01 - 2012-01-11 16:27 - 0000348 ____A C:\Windows\Tasks\At37.job
    2011-12-24 02:01 - 2012-01-11 15:27 - 0000350 ____A C:\Windows\Tasks\At36.job
    2011-12-24 02:01 - 2012-01-11 15:27 - 0000348 ____A C:\Windows\Tasks\At35.job
    2011-12-24 02:01 - 2012-01-11 14:27 - 0000350 ____A C:\Windows\Tasks\At34.job
    2011-12-24 02:01 - 2012-01-11 14:27 - 0000348 ____A C:\Windows\Tasks\At33.job
    2011-12-24 02:01 - 2012-01-11 13:27 - 0000350 ____A C:\Windows\Tasks\At32.job
    2011-12-24 02:01 - 2012-01-11 13:27 - 0000348 ____A C:\Windows\Tasks\At31.job
    2011-12-24 02:01 - 2012-01-11 12:27 - 0000350 ____A C:\Windows\Tasks\At30.job
    2011-12-24 02:01 - 2012-01-11 12:27 - 0000348 ____A C:\Windows\Tasks\At29.job
    2011-12-24 02:01 - 2012-01-11 11:27 - 0000350 ____A C:\Windows\Tasks\At28.job
    2011-12-24 02:01 - 2012-01-11 11:27 - 0000348 ____A C:\Windows\Tasks\At27.job
    2011-12-24 02:01 - 2012-01-11 10:27 - 0000350 ____A C:\Windows\Tasks\At26.job
    2011-12-24 02:01 - 2012-01-11 10:27 - 0000348 ____A C:\Windows\Tasks\At25.job
    2011-12-24 02:01 - 2012-01-11 09:27 - 0000350 ____A C:\Windows\Tasks\At24.job
    2011-12-24 02:01 - 2012-01-11 09:27 - 0000348 ____A C:\Windows\Tasks\At23.job
    2011-12-24 02:01 - 2012-01-11 08:27 - 0000350 ____A C:\Windows\Tasks\At22.job
    2011-12-24 02:01 - 2012-01-11 08:27 - 0000348 ____A C:\Windows\Tasks\At21.job
    2011-12-24 02:01 - 2012-01-11 07:27 - 0000350 ____A C:\Windows\Tasks\At20.job
    2011-12-24 02:01 - 2012-01-11 07:27 - 0000348 ____A C:\Windows\Tasks\At19.job
    2011-12-24 02:01 - 2012-01-11 06:27 - 0000350 ____A C:\Windows\Tasks\At18.job
    2011-12-24 02:01 - 2012-01-11 06:27 - 0000348 ____A C:\Windows\Tasks\At17.job
    2011-12-24 02:01 - 2012-01-11 05:27 - 0000350 ____A C:\Windows\Tasks\At16.job
    2011-12-24 02:01 - 2012-01-11 05:27 - 0000348 ____A C:\Windows\Tasks\At15.job
    2011-12-24 02:01 - 2012-01-11 04:27 - 0000350 ____A C:\Windows\Tasks\At14.job
    2011-12-24 02:01 - 2012-01-11 04:27 - 0000348 ____A C:\Windows\Tasks\At13.job
    2011-12-24 02:01 - 2012-01-11 03:27 - 0000350 ____A C:\Windows\Tasks\At12.job
    2011-12-24 02:01 - 2012-01-11 03:27 - 0000348 ____A C:\Windows\Tasks\At11.job
    2011-12-24 02:01 - 2012-01-11 02:27 - 0000350 ____A C:\Windows\Tasks\At10.job
    2011-12-24 02:01 - 2012-01-11 02:27 - 0000348 ____A C:\Windows\Tasks\At9.job
    2011-12-24 02:01 - 2012-01-11 01:27 - 0000350 ____A C:\Windows\Tasks\At8.job
    2011-12-24 02:01 - 2012-01-11 01:27 - 0000348 ____A C:\Windows\Tasks\At7.job
    2011-12-24 02:01 - 2012-01-11 00:27 - 0000350 ____A C:\Windows\Tasks\At6.job
    2011-12-24 02:01 - 2012-01-11 00:27 - 0000348 ____A C:\Windows\Tasks\At5.job
    2011-12-24 02:01 - 2012-01-10 23:27 - 0000350 ____A C:\Windows\Tasks\At4.job
    2011-12-24 02:01 - 2012-01-10 23:27 - 0000348 ____A C:\Windows\Tasks\At3.job
    2011-12-24 02:01 - 2011-12-24 02:29 - 0000112 ____A C:\Users\All Users\4phy5Je.dat
    2011-12-24 02:01 - 2011-12-24 02:29 - 0000112 ____A C:\ProgramData\4phy5Je.dat
    2011-12-24 00:22 - 2012-01-14 16:54 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Malwarebytes
    2011-12-24 00:09 - 2012-01-14 16:57 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-24 00:09 - 2012-01-14 16:53 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2011-12-24 00:09 - 2012-01-14 16:53 - 0000000 ____D C:\ProgramData\Malwarebytes
    2011-12-24 00:09 - 2011-12-24 00:09 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Xanifur\Downloads\mbam-setup-1.51.2.1300.exe
    2011-12-24 00:09 - 2011-12-10 13:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2011-12-23 19:55 - 2012-01-14 16:55 - 0000000 ____D C:\Windows\SysWOW64\directx
    2011-12-23 19:55 - 2011-12-23 19:55 - 0000000 ___HD C:\Windows\msdownld.tmp
    2011-12-22 01:38 - 2011-12-22 01:38 - 0001395 _RASH C:\Windows\System32\Drivers\etc\hosts
    2011-12-21 17:24 - 2012-01-14 16:54 - 0000000 ____D C:\Windows\System32\Macromed
    2011-12-21 17:12 - 2011-12-21 17:12 - 0000000 ____D C:\Windows\system64
    2011-12-21 17:12 - 2011-12-21 17:12 - 0000000 ____A C:\Users\Xanifur\AppData\Roaming\RVtTj.txt


    ============ 3 Months Modified Files and Folders =============

    2012-01-15 00:46 - 2012-01-15 00:46 - 0000000 ____D C:\FRST
    2012-01-14 22:43 - 2011-07-09 22:58 - 0000291 ____A C:\service.log
    2012-01-14 22:43 - 2011-07-09 22:51 - 0219091 ____A C:\Windows\WindowsUpdate.log
    2012-01-14 22:42 - 2009-07-13 21:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-01-14 22:40 - 2012-01-14 22:40 - 1379549 ____A C:\Users\Xanifur\Downloads\FRST64.exe
    2012-01-14 22:33 - 2011-07-10 16:16 - 0000000 ____D C:\Users\All Users\MFAData
    2012-01-14 22:33 - 2011-07-10 16:16 - 0000000 ____D C:\ProgramData\MFAData
    2012-01-14 22:32 - 2012-01-14 22:32 - 0007621 ____A C:\Users\Xanifur\AppData\Local\Resmon.ResmonCfg
    2012-01-14 22:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At2.job
    2012-01-14 22:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At1.job
    2012-01-14 21:55 - 2011-07-10 14:11 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-01-14 21:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At48.job
    2012-01-14 21:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At47.job
    2012-01-14 21:23 - 2011-07-09 23:30 - 0000000 ____D C:\Program Files (x86)\Steam
    2012-01-14 21:10 - 2011-07-29 17:42 - 1275152 ____A C:\shared.log
    2012-01-14 20:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At46.job
    2012-01-14 20:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At45.job
    2012-01-14 20:25 - 2011-07-12 18:29 - 0281880 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-01-14 20:25 - 2011-07-12 18:28 - 0281880 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-01-14 20:25 - 2011-07-12 18:28 - 0280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-01-14 20:23 - 2011-07-10 16:50 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
    2012-01-14 20:22 - 2011-07-20 17:33 - 0000000 ____D C:\Program Files\iTunes
    2012-01-14 20:22 - 2011-07-20 17:33 - 0000000 ____D C:\Program Files (x86)\iTunes
    2012-01-14 20:22 - 2011-07-20 17:32 - 0000000 ____D C:\Users\All Users\Apple Computer
    2012-01-14 20:22 - 2011-07-20 17:32 - 0000000 ____D C:\ProgramData\Apple Computer
    2012-01-14 20:22 - 2011-07-20 17:32 - 0000000 ____D C:\Program Files\Bonjour
    2012-01-14 20:22 - 2011-07-20 17:32 - 0000000 ____D C:\Program Files (x86)\QuickTime
    2012-01-14 20:22 - 2011-07-20 17:32 - 0000000 ____D C:\Program Files (x86)\Bonjour
    2012-01-14 20:22 - 2011-07-10 16:50 - 0000000 ____D C:\Windows\System32\Drivers\AVG
    2012-01-14 20:22 - 2011-07-10 14:48 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Rainmeter
    2012-01-14 20:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
    2012-01-14 20:19 - 2011-10-14 13:53 - 0000000 ____D C:\Users\All Users\AVG2012
    2012-01-14 20:19 - 2011-10-14 13:53 - 0000000 ____D C:\ProgramData\AVG2012
    2012-01-14 20:19 - 2011-07-20 17:33 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-01-14 20:19 - 2011-07-20 17:33 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-01-14 20:19 - 2011-07-20 17:33 - 0000000 ____D C:\Program Files\iPod
    2012-01-14 20:19 - 2011-07-20 17:32 - 0000000 ____D C:\Users\All Users\Apple
    2012-01-14 20:19 - 2011-07-20 17:32 - 0000000 ____D C:\ProgramData\Apple
    2012-01-14 20:19 - 2011-07-10 16:53 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\AVG10
    2012-01-14 20:19 - 2011-07-10 16:49 - 0000000 ____D C:\Program Files (x86)\AVG
    2012-01-14 20:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
    2012-01-14 20:03 - 2012-01-14 15:12 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-01-14 19:38 - 2012-01-14 19:38 - 0000531 ____A C:\Windows\KB893803v2.log
    2012-01-14 19:38 - 2011-10-20 21:34 - 0000983 ____A C:\Users\Public\Desktop\Origin.lnk
    2012-01-14 19:38 - 2011-07-29 17:14 - 0000000 ____D C:\Program Files (x86)\Origin
    2012-01-14 19:35 - 2012-01-11 19:03 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Mumble
    2012-01-14 19:32 - 2011-07-11 22:13 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\BitTorrent
    2012-01-14 19:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At44.job
    2012-01-14 19:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At43.job
    2012-01-14 19:20 - 2012-01-14 19:15 - 0017140 ____A C:\Users\Xanifur\Desktop\DDS.txt
    2012-01-14 19:20 - 2012-01-14 19:14 - 0011975 ____A C:\Users\Xanifur\Desktop\Attach.txt
    2012-01-14 19:17 - 2012-01-14 19:17 - 0509440 ____A (Tech Support Guy System) C:\Users\Xanifur\Downloads\SysInfo.exe
    2012-01-14 19:09 - 2012-01-14 19:09 - 0607260 ____R (Swearware) C:\Users\Xanifur\Downloads\dds.com
    2012-01-14 18:48 - 2012-01-14 18:48 - 0011141 ____A C:\Users\Xanifur\Desktop\hijackthis.log
    2012-01-14 18:46 - 2012-01-14 18:46 - 0011141 ____A C:\Users\Xanifur\Downloads\hijackthis.log
    2012-01-14 18:44 - 2009-07-13 20:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-01-14 18:44 - 2009-07-13 20:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-01-14 18:43 - 2012-01-14 18:43 - 0388608 ____A (Trend Micro Inc.) C:\Users\Xanifur\Downloads\HijackThis.exe
    2012-01-14 18:41 - 2012-01-14 18:41 - 0000000 ____D C:\Windows\pss
    2012-01-14 18:41 - 2011-10-18 20:10 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Winamp
    2012-01-14 18:41 - 2011-07-10 16:36 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\DAEMON Tools Lite
    2012-01-14 18:40 - 2012-01-14 18:40 - 0089894 ____A C:\Users\Xanifur\Documents\cc_20120114_203949 1-14-12.reg
    2012-01-14 18:37 - 2011-09-12 17:08 - 0000000 ____D C:\Users\Xanifur\AppData\Local\LogMeIn Hamachi
    2012-01-14 18:37 - 2011-07-10 14:11 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-01-14 18:37 - 2011-07-09 23:08 - 0030528 ____A C:\Windows\GVTDrv64.sys
    2012-01-14 18:37 - 2011-07-09 23:08 - 0000004 ____A C:\Windows\SysWOW64\GVTunner.ref
    2012-01-14 18:37 - 2011-07-09 23:07 - 0025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2012-01-14 18:37 - 2011-07-09 22:49 - 0000000 ____D C:\users\Xanifur
    2012-01-14 18:37 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-01-14 18:36 - 2011-07-10 16:50 - 0000000 ____D C:\Users\All Users\AVG10
    2012-01-14 18:36 - 2011-07-10 16:50 - 0000000 ____D C:\ProgramData\AVG10
    2012-01-14 18:36 - 2011-07-10 00:44 - 3219300352 __ASH C:\hiberfil.sys
    2012-01-14 18:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
    2012-01-14 16:57 - 2012-01-11 15:43 - 0000000 ____D C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
    2012-01-14 16:57 - 2012-01-10 20:52 - 0000000 ____D C:\Program Files (x86)\SecondLifeViewer
    2012-01-14 16:57 - 2011-12-24 00:09 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-14 16:57 - 2011-11-13 19:16 - 0000000 ____D C:\LANoire
    2012-01-14 16:57 - 2011-07-09 23:43 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-01-14 16:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
    2012-01-14 16:56 - 2011-07-29 17:14 - 0000000 ____D C:\Users\All Users\Origin
    2012-01-14 16:56 - 2011-07-29 17:14 - 0000000 ____D C:\ProgramData\Origin
    2012-01-14 16:56 - 2011-07-11 17:38 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\vlc
    2012-01-14 16:56 - 2011-07-10 14:21 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Ventrilo
    2012-01-14 16:55 - 2011-12-23 19:55 - 0000000 ____D C:\Windows\SysWOW64\directx
    2012-01-14 16:54 - 2011-12-24 00:22 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Malwarebytes
    2012-01-14 16:54 - 2011-12-21 17:24 - 0000000 ____D C:\Windows\System32\Macromed
    2012-01-14 16:54 - 2011-11-11 17:13 - 0000000 ____D C:\Users\All Users\Rockstar Games
    2012-01-14 16:54 - 2011-11-11 17:13 - 0000000 ____D C:\ProgramData\Rockstar Games
    2012-01-14 16:54 - 2011-11-11 14:03 - 0000000 ____D C:\Skyrim
    2012-01-14 16:54 - 2011-11-09 00:37 - 0000000 ____D C:\Users\Xanifur\Desktop\Phx_data
    2012-01-14 16:54 - 2011-10-24 10:14 - 0000000 ____D C:\Users\Xanifur\Documents\Rockstar Games
    2012-01-14 16:54 - 2011-10-24 10:10 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Rockstar Games
    2012-01-14 16:54 - 2011-10-18 19:27 - 0000000 ____D C:\Users\Xanifur\Documents\Arktos
    2012-01-14 16:54 - 2011-10-18 19:25 - 0000000 ____D C:\Users\Public\entropia universe
    2012-01-14 16:54 - 2011-09-29 01:33 - 0000000 ____D C:\Users\Xanifur\Documents\Ubisoft
    2012-01-14 16:54 - 2011-09-27 08:57 - 0000000 ____D C:\Users\Xanifur\Documents\Battlefield 3 Open Beta
    2012-01-14 16:54 - 2011-09-26 20:04 - 0000000 ____D C:\Users\Xanifur\Documents\Alpha Protocol
    2012-01-14 16:54 - 2011-09-26 20:01 - 0000000 ____D C:\Users\Xanifur\Documents\SEGA
    2012-01-14 16:54 - 2011-09-18 09:27 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\StreamTorrent
    2012-01-14 16:54 - 2011-08-31 17:02 - 0000000 ____D C:\Users\Xanifur\Documents\My Games
    2012-01-14 16:54 - 2011-08-31 16:29 - 0000000 ____D C:\Windows\Downloaded Installations
    2012-01-14 16:54 - 2011-07-22 17:04 - 0000000 ____D C:\Users\Xanifur\AppData\Local\2K Games
    2012-01-14 16:54 - 2011-07-15 11:41 - 0000000 ____D C:\Users\Xanifur\Documents\Witcher 2
    2012-01-14 16:54 - 2011-07-14 01:30 - 0000000 ____D C:\Users\All Users\WinZip
    2012-01-14 16:54 - 2011-07-14 01:30 - 0000000 ____D C:\ProgramData\WinZip
    2012-01-14 16:54 - 2011-07-12 18:29 - 0000000 ____D C:\Users\Xanifur\Documents\BFBC2
    2012-01-14 16:54 - 2011-07-12 18:29 - 0000000 ____D C:\Users\Xanifur\AppData\Local\PunkBuster
    2012-01-14 16:53 - 2011-12-24 00:09 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2012-01-14 16:53 - 2011-12-24 00:09 - 0000000 ____D C:\ProgramData\Malwarebytes
    2012-01-14 16:53 - 2011-12-08 00:30 - 0000000 ____D C:\Program Files (x86)\ManyCam
    2012-01-14 16:53 - 2011-11-11 17:12 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
    2012-01-14 16:53 - 2011-11-11 14:14 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
    2012-01-14 16:53 - 2011-11-01 19:39 - 0000000 ____D C:\Program Files (x86)\Focus Home Interactive
    2012-01-14 16:53 - 2011-10-18 20:10 - 0000000 ____D C:\Program Files (x86)\Winamp
    2012-01-14 16:53 - 2011-10-18 19:24 - 0000000 ____D C:\Program Files (x86)\Entropia Universe
    2012-01-14 16:53 - 2011-10-11 19:10 - 0000000 ____D C:\Program Files (x86)\Demolition Inc
    2012-01-14 16:53 - 2011-10-11 17:19 - 0000000 ___HD C:\Program Files (x86)\InstallJammer Registry
    2012-01-14 16:53 - 2011-10-06 17:45 - 0000000 ____D C:\Program Files (x86)\AMD APP
    2012-01-14 16:53 - 2011-10-06 16:43 - 0000000 ____D C:\Program Files (x86)\Bethesda Softworks
    2012-01-14 16:53 - 2011-10-03 23:49 - 0000000 ____D C:\Program Files (x86)\GameSpy Arcade
    2012-01-14 16:53 - 2011-10-03 23:48 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
    2012-01-14 16:53 - 2011-09-29 01:24 - 0000000 ____D C:\Program Files (x86)\Black_Box
    2012-01-14 16:53 - 2011-09-27 08:56 - 0000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
    2012-01-14 16:53 - 2011-09-21 17:30 - 0000000 ____D C:\Program Files (x86)\Adobe
    2012-01-14 16:53 - 2011-09-21 17:29 - 0000000 ____D C:\Users\All Users\Adobe
    2012-01-14 16:53 - 2011-09-21 17:29 - 0000000 ____D C:\ProgramData\Adobe
    2012-01-14 16:53 - 2011-09-20 13:54 - 0000000 ____D C:\Program Files (x86)\Square Enix
    2012-01-14 16:53 - 2011-09-20 12:29 - 0000000 ____D C:\Program Files (x86)\Tripwire Interactive
    2012-01-14 16:53 - 2011-09-19 16:13 - 0000000 ____D C:\Program Files (x86)\RBO
    2012-01-14 16:53 - 2011-09-18 16:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
    2012-01-14 16:53 - 2011-09-18 16:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
    2012-01-14 16:53 - 2011-09-18 16:57 - 0000000 ____D C:\Program Files\Microsoft Office
    2012-01-14 16:53 - 2011-09-18 16:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-01-14 16:53 - 2011-09-18 16:56 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
    2012-01-14 16:53 - 2011-09-18 09:27 - 0000000 ____D C:\Program Files (x86)\StreamTorrent 1.0
    2012-01-14 16:53 - 2011-09-17 17:03 - 0000000 ____D C:\Program Files\CCleaner
    2012-01-14 16:53 - 2011-09-12 00:06 - 0000000 ____D C:\Program Files (x86)\Dead Island
    2012-01-14 16:53 - 2011-09-11 15:12 - 0000000 ____D C:\Program Files (x86)\EA Games
    2012-01-14 16:53 - 2011-09-07 23:34 - 0000000 ____D C:\Program Files (x86)\CamStudio 2.6b
    2012-01-14 16:53 - 2011-09-06 19:18 - 0000000 ____D C:\Program Files (x86)\Ubisoft
    2012-01-14 16:53 - 2011-09-05 15:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2012-01-14 16:53 - 2011-09-05 15:25 - 0000000 ____D C:\Program Files (x86)\Codemasters
    2012-01-14 16:53 - 2011-08-31 16:29 - 0000000 ____D C:\Program Files (x86)\Macromedia
    2012-01-14 16:53 - 2011-07-29 17:44 - 0000000 ____D C:\Program Files (x86)\BF3 Alpha Trial Web Plugins
    2012-01-14 16:53 - 2011-07-29 17:14 - 0000000 ____D C:\Users\All Users\Electronic Arts
    2012-01-14 16:53 - 2011-07-29 17:14 - 0000000 ____D C:\ProgramData\Electronic Arts
    2012-01-14 16:53 - 2011-07-29 17:14 - 0000000 ____D C:\Program Files (x86)\Origin Games
    2012-01-14 16:53 - 2011-07-22 17:05 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-01-14 16:53 - 2011-07-22 16:55 - 0000000 ____D C:\Program Files (x86)\2K Games
    2012-01-14 16:53 - 2011-07-20 19:54 - 0000000 ____D C:\Program Files\Microsoft LifeCam
    2012-01-14 16:53 - 2011-07-20 19:54 - 0000000 ____D C:\Program Files (x86)\Microsoft LifeCam
    2012-01-14 16:53 - 2011-07-20 17:32 - 0000000 ____D C:\Program Files\Common Files\Apple
    2012-01-14 16:53 - 2011-07-20 17:32 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-01-14 16:53 - 2011-07-15 20:19 - 0000000 ____D C:\Program Files (x86)\Lightside - Legend Ragnarok
    2012-01-14 16:53 - 2011-07-15 11:31 - 0000000 ____D C:\Program Files (x86)\The Witcher 2
    2012-01-14 16:53 - 2011-07-14 14:44 - 0000000 ____D C:\Program Files (x86)\Carnivores 2
    2012-01-14 16:53 - 2011-07-14 01:31 - 0000000 ____D C:\Program Files (x86)\WinZip Courier
    2012-01-14 16:53 - 2011-07-14 01:30 - 0000000 ____D C:\Program Files (x86)\WinZip
    2012-01-14 16:52 - 2011-10-20 23:19 - 0000000 ____D C:\Games
    2012-01-14 16:52 - 2011-10-06 17:40 - 0000000 ____D C:\AMD
    2012-01-14 16:52 - 2011-09-18 16:56 - 0000000 __RHD C:\MSOCache
    2012-01-14 15:09 - 2012-01-14 15:08 - 163649328 ____A (AVG Technologies) C:\Users\Xanifur\Downloads\avg_free_x64_all_2012_1901a4695.exe
    2012-01-14 15:07 - 2012-01-14 15:07 - 0001014 ____A C:\Users\Public\Desktop\Mumble.lnk
    2012-01-14 15:07 - 2012-01-11 19:03 - 0000000 ____D C:\Program Files (x86)\Mumble
    2012-01-14 15:06 - 2012-01-14 15:06 - 15254016 ____A C:\Users\Xanifur\Downloads\mumble-1.2.3(1).msi
    2012-01-14 15:02 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At39.job
    2012-01-13 13:07 - 2012-01-13 13:07 - 0000000 ____D C:\Users\All Users\AVG Secure Search
    2012-01-13 13:07 - 2012-01-13 13:07 - 0000000 ____D C:\ProgramData\AVG Secure Search
    2012-01-13 13:04 - 2012-01-13 13:04 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\AVG2012
    2012-01-12 22:54 - 2012-01-10 20:53 - 0000000 ____D C:\Users\Xanifur\AppData\Local\SecondLife
    2012-01-11 20:23 - 2011-09-20 16:03 - 0000000 ____D C:\Users\Xanifur\AppData\Local\dxhr
    2012-01-11 19:09 - 2012-01-11 19:09 - 0002378 ____A C:\Users\Xanifur\Documents\MumbleAutomaticCertificateBackup.p12
    2012-01-11 19:03 - 2012-01-11 19:03 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Mumble
    2012-01-11 19:02 - 2012-01-11 19:01 - 15254016 ____A C:\Users\Xanifur\Downloads\mumble-1.2.3.msi
    2012-01-11 18:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At42.job
    2012-01-11 18:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At41.job
    2012-01-11 17:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At40.job
    2012-01-11 16:39 - 2009-07-13 18:36 - 0103496 ____A C:\Windows\System32\perfc009(7218).dat
    2012-01-11 16:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At38.job
    2012-01-11 16:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At37.job
    2012-01-11 15:43 - 2012-01-11 15:43 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Futuremark
    2012-01-11 15:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At36.job
    2012-01-11 15:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At35.job
    2012-01-11 14:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At34.job
    2012-01-11 14:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At33.job
    2012-01-11 13:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At32.job
    2012-01-11 13:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At31.job
    2012-01-11 12:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At30.job
    2012-01-11 12:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At29.job
    2012-01-11 11:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At28.job
    2012-01-11 11:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At27.job
    2012-01-11 10:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At26.job
    2012-01-11 10:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At25.job
    2012-01-11 09:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At24.job
    2012-01-11 09:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At23.job
    2012-01-11 08:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At22.job
    2012-01-11 08:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At21.job
    2012-01-11 07:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At20.job
    2012-01-11 07:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At19.job
    2012-01-11 06:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At18.job
    2012-01-11 06:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At17.job
    2012-01-11 05:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At16.job
    2012-01-11 05:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At15.job
    2012-01-11 04:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At14.job
    2012-01-11 04:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At13.job
    2012-01-11 03:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At12.job
    2012-01-11 03:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At11.job
    2012-01-11 02:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At10.job
    2012-01-11 02:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At9.job
    2012-01-11 01:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At8.job
    2012-01-11 01:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At7.job
    2012-01-11 00:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At6.job
    2012-01-11 00:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At5.job
    2012-01-10 23:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At4.job
    2012-01-10 23:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At3.job
    2012-01-10 20:53 - 2012-01-10 20:53 - 0001139 ____A C:\Users\Public\Desktop\Second Life Viewer.lnk
    2012-01-10 20:53 - 2012-01-10 20:53 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\SecondLife
    2012-01-10 20:52 - 2012-01-10 20:51 - 29343312 ____A C:\Users\Xanifur\Downloads\Second_Life_3-2-5-247236_Setup.exe
    2012-01-10 16:34 - 2011-07-09 22:49 - 0000000 ____D C:\Users\Xanifur\AppData\LocalLow
    2012-01-09 18:29 - 2011-07-12 18:28 - 0076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2011-12-24 02:29 - 2011-12-24 02:01 - 0000112 ____A C:\Users\All Users\4phy5Je.dat
    2011-12-24 02:29 - 2011-12-24 02:01 - 0000112 ____A C:\ProgramData\4phy5Je.dat
    2011-12-24 02:28 - 2011-12-24 02:28 - 0000000 ____A C:\Windows\SysWOW64\4e4e104.com.b
    2011-12-24 00:09 - 2011-12-24 00:09 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Xanifur\Downloads\mbam-setup-1.51.2.1300.exe
    2011-12-23 19:55 - 2011-12-23 19:55 - 0000000 ___HD C:\Windows\msdownld.tmp
    2011-12-22 01:38 - 2011-12-22 01:38 - 0001395 _RASH C:\Windows\System32\Drivers\etc\hosts
    2011-12-21 17:24 - 2011-07-09 23:48 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2011-12-21 17:23 - 2011-12-13 01:56 - 3840632 ____A C:\Users\Xanifur\Downloads\battlelog-web-plugins-1.104.0-retail-prod.exe
    2011-12-21 17:12 - 2011-12-21 17:12 - 0000000 ____D C:\Windows\system64
    2011-12-21 17:12 - 2011-12-21 17:12 - 0000000 ____A C:\Users\Xanifur\AppData\Roaming\RVtTj.txt
    2011-12-20 17:26 - 2011-07-23 13:19 - 0000000 ____D C:\Users\Xanifur\AppData\Local\ElevatedDiagnostics
    2011-12-15 23:49 - 2011-09-18 18:08 - 0000000 ____D C:\Users\Xanifur\Documents\School
    2011-12-15 21:00 - 2011-09-18 16:56 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-12-15 21:00 - 2011-09-18 16:56 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-12-15 20:55 - 2011-12-15 20:55 - 0013579 ____A C:\Users\Xanifur\Downloads\Executive Summary.docx
    2011-12-15 20:51 - 2011-12-15 20:51 - 1824256 ____A C:\Users\Xanifur\Downloads\For real Final Draft.doc
    2011-12-12 21:44 - 2011-11-23 00:42 - 0000000 ____D C:\Program Files (x86)\Jnes
    2011-12-12 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
    2011-12-10 13:24 - 2011-12-24 00:09 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2011-12-08 00:31 - 2011-12-08 00:31 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\ManyCam
    2011-12-08 00:31 - 2011-12-08 00:31 - 0000000 ____D C:\Users\Xanifur\AppData\Local\ManyCam
    2011-12-08 00:31 - 2011-12-08 00:31 - 0000000 ____D C:\Users\Xanifur\AppData\Local\APN
    2011-12-08 00:29 - 2011-12-08 00:29 - 0000000 ____D C:\Users\All Users\Ask
    2011-12-08 00:29 - 2011-12-08 00:29 - 0000000 ____D C:\ProgramData\Ask
    2011-12-08 00:28 - 2011-12-08 00:28 - 12956640 ____A (ManyCam LLC) C:\Users\Xanifur\Downloads\ManyCam.exe
    2011-12-05 02:14 - 2011-07-09 23:48 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Adobe
    2011-12-05 02:13 - 2011-12-05 02:13 - 0001377 ____A C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    2011-12-04 02:47 - 2011-12-04 02:47 - 0000928 ____A C:\Users\Xanifur\Desktop\Shortcut to xc3.exe.lnk
    2011-12-04 02:47 - 2011-12-04 02:46 - 0000000 ____D C:\Program Files (x86)\X-Change 3
    2011-12-04 02:42 - 2011-12-04 02:10 - 0004620 ____A C:\Windows\XChange.dat
    2011-12-04 02:21 - 2011-12-04 02:21 - 0000000 ____D C:\Users\Xanifur\Desktop\New folder
    2011-12-04 02:21 - 2011-12-04 02:21 - 0000000 ____D C:\Users\Xanifur\Desktop\3danalyzer
    2011-12-04 02:18 - 2011-12-03 20:45 - 0001199 ____A C:\Users\Xanifur\Desktop\X-change.lnk
    2011-12-03 20:45 - 2011-12-03 20:45 - 0000000 ____D C:\Program Files (x86)\Peach Princess
    2011-11-23 00:42 - 2011-11-23 00:42 - 0350979 ____A C:\Users\Xanifur\Downloads\jnes_1_0_2.exe
    2011-11-23 00:42 - 2011-11-23 00:42 - 0000955 ____A C:\Users\Xanifur\Desktop\Jnes.lnk
    2011-11-19 01:44 - 2011-11-19 01:39 - 50949552 ____A C:\Users\Xanifur\Downloads\SkyrimNudeFemales-FullDownload.zip
    2011-11-17 14:35 - 2011-09-20 12:38 - 0000000 ____D C:\Users\Xanifur\AppData\Local\SKIDROW
    2011-11-15 02:56 - 2011-11-15 02:56 - 0002218 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2011-11-15 02:56 - 2011-07-10 14:11 - 0000000 ____D C:\Program Files (x86)\Google
    2011-11-15 01:48 - 2011-11-15 01:37 - 0000000 ____D C:\Users\Xanifur\Documents\draw
    2011-11-13 19:28 - 2011-11-13 19:28 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Chromium
    2011-11-13 19:17 - 2011-07-09 22:58 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2011-11-12 23:23 - 2011-09-03 23:44 - 0000000 ____D C:\Program Files\PeerBlock
    2011-11-12 23:01 - 2011-11-12 23:00 - 0000000 ____D C:\Users\Xanifur\Desktop\flash drive 2gb
    2011-11-11 14:28 - 2011-11-11 14:20 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Skyrim
    2011-11-11 14:13 - 2011-11-11 14:13 - 0018160 ____A C:\Users\Xanifur\Desktop\Phx_bugreport.txt
    2011-11-11 14:13 - 2011-11-09 00:37 - 0012710 ____A C:\Users\Xanifur\Desktop\Phx_debug_log.txt
    2011-11-11 14:13 - 2011-11-09 00:37 - 0002014 ____A C:\Users\Xanifur\Desktop\Phx_settings.ini
    2011-11-09 21:49 - 2011-11-09 00:36 - 0000000 ____D C:\MW3
    2011-11-09 00:37 - 2011-11-09 00:07 - 0000673 ____A C:\Users\Public\Desktop\Phoenix.lnk
    2011-11-09 00:06 - 2011-11-09 00:06 - 14986068 ____A C:\Users\Xanifur\Downloads\Phoenix_15beta8.rar
    2011-11-07 15:58 - 2011-11-07 15:43 - 0012464 ____A C:\Users\Xanifur\Documents\part3 Ryan Walters.docx
    2011-11-04 08:16 - 2011-11-04 08:16 - 3840608 ____A C:\Users\Xanifur\Downloads\battlelog-web-plugins-1.102.0-retail-prod.exe
    2011-11-04 01:55 - 2011-07-14 01:31 - 0000000 ____D C:\Users\Xanifur\AppData\Local\WinZip
    2011-11-03 00:43 - 2011-07-20 17:33 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Apple Computer
    2011-11-01 19:46 - 2011-11-01 19:46 - 0002285 ____A C:\Users\Public\Desktop\Cities XL 2011.lnk
    2011-11-01 19:44 - 2011-11-01 19:44 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Focus Home Interactive
    2011-10-31 01:21 - 2011-07-29 17:15 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Origin
    2011-10-25 20:28 - 2011-10-25 20:28 - 0642881 ____A C:\Users\Xanifur\Documents\The Role of Theory in Aesthetics (Weitz).pdf
    2011-10-24 20:03 - 2011-10-24 20:03 - 0000000 ____D C:\Users\Xanifur\Documents\Battlefield 3
    2011-10-24 20:02 - 2011-10-24 20:02 - 3830848 ____A C:\Users\Xanifur\Downloads\battlelog-web-plugins-1.96.0-retail-prod.exe
    2011-10-24 10:13 - 2011-10-24 10:13 - 0000000 ____D C:\Users\Xanifur\Documents\Games for Windows - LIVE Demos
    2011-10-24 10:11 - 2011-10-24 10:11 - 0000000 __SHD C:\Users\All Users\SecuROM
    2011-10-24 10:11 - 2011-10-24 10:11 - 0000000 __SHD C:\ProgramData\SecuROM
    2011-10-24 10:10 - 2011-10-24 10:10 - 0178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
    2011-10-24 10:10 - 2011-10-24 10:10 - 0000000 __RHD C:\Users\Xanifur\AppData\Roaming\SecuROM
    2011-10-24 10:08 - 2011-10-24 10:08 - 57280976 ____A C:\Users\Xanifur\Downloads\gtaiv_patch_1040.zip
    2011-10-24 10:08 - 2011-10-24 10:08 - 2796287 ____A C:\Users\Xanifur\Downloads\RGSC_1_1_3_0.rar
    2011-10-24 10:03 - 2011-10-24 10:03 - 0000000 ____D C:\Users\Xanifur\Desktop\gta spark
    2011-10-24 10:02 - 2011-10-24 10:02 - 0455532 ____A C:\Users\Xanifur\Downloads\SparkIV0.6.2.3forGTAIVv1.0.0.4.rar
    2011-10-23 22:57 - 2011-10-23 22:57 - 9393096 ____A C:\Users\Xanifur\Downloads\1319424560_WEAPONS.rar
    2011-10-23 22:45 - 2011-10-23 22:45 - 8471261 ____A C:\Users\Xanifur\Downloads\1313683772_iCEnhancer13N.rar
    2011-10-21 00:33 - 2011-10-21 00:02 - 0000000 ____D C:\Users\Xanifur\Documents\GrayMatter
    2011-10-20 23:31 - 2011-10-20 23:31 - 0000721 ____A C:\Users\Xanifur\Desktop\Gray Matter.lnk
    2011-10-20 21:34 - 2011-07-29 17:15 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Origin
    2011-10-19 18:43 - 2011-10-19 14:05 - 0000000 ____D C:\Users\All Users\boost_interprocess
    2011-10-19 18:43 - 2011-10-19 14:05 - 0000000 ____D C:\ProgramData\boost_interprocess
    2011-10-18 20:26 - 2011-10-18 20:26 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\mm
    2011-10-18 20:10 - 2011-10-18 20:10 - 0000000 ____D C:\Program Files (x86)\Winamp Detect
    2011-10-18 20:08 - 2011-10-18 20:08 - 12383832 ____A (Nullsoft, Inc.) C:\Users\Xanifur\Downloads\winamp5621_full_bundle_emusic-7plus_en-us.exe
    2011-10-18 19:27 - 2011-10-18 19:27 - 0000000 ____D C:\Users\Xanifur\AppData\Local\CrashRpt
    2011-10-18 19:27 - 2011-10-18 19:27 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Arktos
    2011-10-18 19:25 - 2011-10-18 19:24 - 0002116 ____A C:\Users\Public\Desktop\Entropia Universe.lnk
    2011-10-18 19:25 - 2011-10-18 19:24 - 0000000 ____D C:\Windows\Entropia Universe
    2011-10-18 19:25 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
    2011-10-18 19:24 - 2011-10-18 19:24 - 0000000 ____D C:\Users\Xanifur\Documents\Entropia Universe
    2011-10-18 19:23 - 2011-10-18 19:22 - 4672440 ____A (MindArk PE AB) C:\Users\Xanifur\Downloads\entropia_universe_setup-euweb.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 4093.55 MB
    Available physical RAM: 3509.51 MB
    Total Pagefile: 4091.7 MB
    Available Pagefile: 3487.38 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:931.51 GB) (Free:544.23 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
    3 Drive d: (Xani's Slave) (Fixed) (Total:931.51 GB) (Free:202.18 GB) NTFS
    5 Drive f: (Jun 23 2003) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS
    6 Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 931 GB 0 B
    Disk 2 Online 1907 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D Xani's Slav NTFS Partition 931 GB Healthy

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1907 MB 64 KB

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT Removable 1907 MB Healthy

    ==========================================================

    Last Boot: 2012-01-09 22:48

    ======================= End Of Log ==========================
     
  4. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Download the enclosed file. Save it in the USB drive. Run FRST64 as you did before. This time around, click on the Fix button and wait.

    The tool will make a log on the flashdrive (Fixlog.txt). Please post the contents of this report in your reply.

    If successful, boot in Normal Mode and run Combofix as follows:

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------​
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

        -----------------------------------------------------------​
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------​
    4. Double click on combofix.exe & follow the prompts.
    5. Install the Recovery Console if prompted.
    6. When finished, it will produce a report for you.
    7. Please post the "C:\ComboFix.txt".
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     

    Attached Files:

  5. rad_man

    rad_man Thread Starter

    Joined:
    Jan 14, 2012
    Messages:
    5
    Combofix log attached.

     

    Attached Files:

  6. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Perform a scan with Malwarebytes' Anti-Malware.

    • Launch and update Malwarebytes' Anti-Malware.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Let's try ESET online scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

    Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    • First please Disable any Antivirus you have active, as shown in This topic.
    • Note: Don't forget to re-enable it after the scan.
    • Next hold down Control then click on the following link to open a new window to ESET online scanner.
    • Select the option YES, I accept the Terms of Use then click on Start.

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.​
    • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      Scan for potentially unwanted applications
      Scan for potentially unsafe applications
      Enable Anti-Stealth Technology
    • Now click on Start.
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on Finish.
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
     
  7. rad_man

    rad_man Thread Starter

    Joined:
    Jan 14, 2012
    Messages:
    5
    MWBytes finds nothing.

     
  8. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    How is the computer doing?
     
  9. rad_man

    rad_man Thread Starter

    Joined:
    Jan 14, 2012
    Messages:
    5
    Everything seems stable. AVG isn't bugging me about anything, and haven't gotten any popups. Thanks a lot, really appreciate it!
     
  10. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    You are welcome.

    Rename Combofix to Uninstall and click on it. That should remove the application.

    Delete the C:\FRST folder as it contains FRST quarantine.

    The following is a list of tools and utilities that I like to suggest to people.

    1. Always keep your JAVA updated. Older versions will make your computer vulnerable.
    2. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    3. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    4. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    5. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

    Best wishes!
     

Short URL to this thread: https://techguy.org/1036308