Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible passwords taken; Trojan Downloader removed.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible passwords taken; Trojan Downloader removed.

Unread postby lawrencethomas3 » February 7th, 2012, 3:42 pm

Greetings all and thank you for taking the time to look at my problem.

When I got off of work yesterday, I had two suspicious e-mails waiting for me. One that said a change request had been made for my AppleID (which I never use) and the second that said the change was successfully completed. Thinking that this couldn't be done to completion without access to my e-mail address, I immediately went to work changing my passwords. Then I ran a Malwarebytes scan (found nothing) and then a Microsoft Security Essentials scan that found and repaired: TrojanDownloader:Java/OpenConnection.OU. At this point, I immediately removed all instances of Java from my system for the moment (haven't reinstalled yet). So my question is, are there any more suspicious things going on in my computer that need to be fixed? Again, I would like to thank you for your time!


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ALThomas at 13:32:36 on 2012-02-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.4150 [GMT -6:00]
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
x:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Y:\ASUS\AI Suite\AiNap\AiNap.exe
Y:\ASUS\AI Suite\QFan3\QFanHelp.exe
Y:\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
Y:\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - Y:\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "X:\Steam\steam.exe" -silent
uRun: [BlueMtnAPODWallpaper] C:\Users\ALThomas\Desktop\APODWallpaper.exe
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
mRun: [GrooveMonitor] "Y:\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [MSIAfterburner] "Y:\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Ai Nap] "Y:\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "Y:\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "Y:\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\ALThomas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - Y:\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - Y:\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - Y:\MICROS~1\Office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer =
TCP: Interfaces\{9F09C0B5-31C3-41BF-9EC7-817935F91B5D} : DhcpNameServer =
TCP: Interfaces\{F062CD3D-35D9-4199-A4AB-1D213860821B} : DhcpNameServer =
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Y:\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - Y:\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - Y:\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
mRun-x64: [GrooveMonitor] "Y:\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [MSIAfterburner] "Y:\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Ai Nap] "Y:\ASUS\AI Suite\AiNap\AiNap.exe"
mRun-x64: [QFan Help] "Y:\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [Cpu Level Up help] "Y:\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Y:\Microsoft Office\Office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - C:\Users\ALThomas\AppData\Roaming\Mozilla\Firefox\Profiles\sgx49pwa.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ALThomas\AppData\Roaming\Mozilla\Firefox\Profiles\sgx49pwa.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\ALThomas\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: Y:\ITunes\Mozilla Plugins\npitunes.dll
FF - plugin: Y:\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: Y:\Picasa3\npPicasa3.dll
============= SERVICES / DRIVERS ===============
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTCore64;RTCore64;Y:\MSI Afterburner\RTCore64.sys [2010-6-6 14648]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
=============== Created Last 30 ================
2012-02-07 19:31:04 -------- d-----w- C:\Users\ALThomas\AppData\Local\{7C82F4CE-1063-4225-B7FC-91E9D34B951E}
2012-02-07 19:30:45 -------- d-----w- C:\Users\ALThomas\AppData\Local\{448C7CD8-3E19-479B-8E83-E6061BE424D9}
2012-02-06 21:29:36 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C835B846-EA22-4776-AFE1-6014B8AD25D2}\mpengine.dll
2012-02-05 13:28:00 -------- d-----w- C:\Users\ALThomas\AppData\Local\{99713722-9C2D-42EA-8CA3-66050A125273}
2012-02-05 13:27:38 -------- d-----w- C:\Users\ALThomas\AppData\Local\{009E602A-8EEF-4450-8A83-7F1916FDD13F}
2012-02-05 01:27:25 -------- d-----w- C:\Users\ALThomas\AppData\Local\{1CD75BBD-195F-4BC4-AB9D-92C29DB9A367}
2012-02-05 01:27:02 -------- d-----w- C:\Users\ALThomas\AppData\Local\{D5C4E701-9EFF-43BC-BED8-0C1AD1EE9A7B}
2012-02-04 13:26:50 -------- d-----w- C:\Users\ALThomas\AppData\Local\{1EFF46D2-F71E-4C56-A3BF-5A7A0169238C}
2012-02-04 01:26:15 -------- d-----w- C:\Users\ALThomas\AppData\Local\{0EBDD4C1-0FD8-40D3-B1C6-97C5B1508FD1}
2012-02-03 13:25:48 -------- d-----w- C:\Users\ALThomas\AppData\Local\{7B89E688-B3DD-4D10-BE72-8D9BA312BB10}
2012-02-03 01:25:10 -------- d-----w- C:\Users\ALThomas\AppData\Local\{58C93C2A-956C-43C2-9A60-62923CFE1F82}
2012-02-03 01:24:53 -------- d-----w- C:\Users\ALThomas\AppData\Local\{AEEB332D-17E0-4D88-A376-D4301EF56E17}
2012-02-02 03:30:46 -------- d-----w- C:\ProgramData\Battle.net
2012-02-01 04:42:17 453456 ----a-w- C:\Windows\SysWow64\d3dx10_41.dll
2012-01-31 18:06:14 -------- d-----w- C:\Users\ALThomas\AppData\Local\{C742CB46-E4B7-47DD-B72A-C9E749B686B3}
2012-01-31 06:05:40 -------- d-----w- C:\Users\ALThomas\AppData\Local\{45DAC315-6ADB-48CF-9B62-82C9B0F44492}
2012-01-30 18:05:04 -------- d-----w- C:\Users\ALThomas\AppData\Local\{2413D826-A5F5-4D1A-9EBF-0BCFE9202AEB}
2012-01-30 06:04:29 -------- d-----w- C:\Users\ALThomas\AppData\Local\{51FAC7E0-7652-4C1E-99C0-3DDADE36C03E}
2012-01-30 06:04:06 -------- d-----w- C:\Users\ALThomas\AppData\Local\{EBF6B6AA-CF1B-41CC-84DA-0AB9C52DED6B}
2012-01-29 18:03:41 -------- d-----w- C:\Users\ALThomas\AppData\Local\{DEE9BA00-E926-4AD3-99C3-451D336F1B1C}
2012-01-29 06:03:05 -------- d-----w- C:\Users\ALThomas\AppData\Local\{02A1A5A4-A21C-4834-97FF-D2EDAA139481}
2012-01-29 06:02:43 -------- d-----w- C:\Users\ALThomas\AppData\Local\{3AE6C2E1-BA7C-4B6C-95C7-29B3A0056CB8}
2012-01-28 18:02:18 -------- d-----w- C:\Users\ALThomas\AppData\Local\{B850E685-ED47-42B7-BF72-FB94389A78EE}
2012-01-28 06:01:42 -------- d-----w- C:\Users\ALThomas\AppData\Local\{003F1BCA-F682-480C-B316-EB8F2828F6B2}
2012-01-28 06:01:29 -------- d-----w- C:\Users\ALThomas\AppData\Local\{7D368A2D-8C63-4E45-8EC3-A861FC0AB97E}
2012-01-27 00:25:11 -------- d-----w- C:\Users\ALThomas\AppData\Local\{EE640F31-6C78-49CD-BB0A-A2F83482EC61}
2012-01-26 12:24:35 -------- d-----w- C:\Users\ALThomas\AppData\Local\{654B651B-D9A2-4F60-8097-2C9B549C6A5D}
2012-01-26 00:23:58 -------- d-----w- C:\Users\ALThomas\AppData\Local\{7D17D4A7-20F1-42B1-9CBE-1B58F90A94EB}
2012-01-25 12:23:23 -------- d-----w- C:\Users\ALThomas\AppData\Local\{75AC5BB3-2714-4E92-9984-334F9C5B35BA}
2012-01-25 00:22:47 -------- d-----w- C:\Users\ALThomas\AppData\Local\{C1BDDC6C-FA43-48AD-A007-B52F70E0888C}
2012-01-24 12:22:12 -------- d-----w- C:\Users\ALThomas\AppData\Local\{326C7FB4-D15A-4257-98C1-429630172DA5}
2012-01-24 00:21:35 -------- d-----w- C:\Users\ALThomas\AppData\Local\{B194E1A8-4B8A-4203-A2D7-B332D5B0B700}
2012-01-23 12:21:00 -------- d-----w- C:\Users\ALThomas\AppData\Local\{66E3D4D4-B966-493A-9CE1-D5EA4832EE59}
2012-01-23 00:20:24 -------- d-----w- C:\Users\ALThomas\AppData\Local\{BA4D8D44-2BB6-4407-A5EA-E11B6EA58B73}
2012-01-22 12:19:47 -------- d-----w- C:\Users\ALThomas\AppData\Local\{35FAA36E-458E-4E1F-9F33-E8BF19598655}
2012-01-22 00:19:10 -------- d-----w- C:\Users\ALThomas\AppData\Local\{09062752-8D0F-415C-A2EE-A1523CFE0B69}
2012-01-21 12:18:35 -------- d-----w- C:\Users\ALThomas\AppData\Local\{2A399C06-8FFB-4870-8B68-6C60C165AAEC}
2012-01-21 12:18:13 -------- d-----w- C:\Users\ALThomas\AppData\Local\{2A43C484-A312-4E3F-B3FC-85DC12C71173}
2012-01-21 00:17:47 -------- d-----w- C:\Users\ALThomas\AppData\Local\{CE0E751F-2AE1-4378-ABF1-38FD9BD9B693}
2012-01-21 00:17:25 -------- d-----w- C:\Users\ALThomas\AppData\Local\{919F227E-8FC2-4CB4-ACA9-056976DA1533}
2012-01-20 12:17:12 -------- d-----w- C:\Users\ALThomas\AppData\Local\{10CF3610-DA5E-4A45-9756-6E8B00B35B8C}
2012-01-20 12:16:50 -------- d-----w- C:\Users\ALThomas\AppData\Local\{2A9C1594-2258-45BA-91AC-2AB08FAD3723}
2012-01-20 00:16:37 -------- d-----w- C:\Users\ALThomas\AppData\Local\{90B5A42E-75BB-4534-9AC0-130EA2EC3893}
2012-01-20 00:16:15 -------- d-----w- C:\Users\ALThomas\AppData\Local\{B5A6D837-51D7-4FEB-914F-D566CFDEA73A}
2012-01-19 12:16:02 -------- d-----w- C:\Users\ALThomas\AppData\Local\{3BCD2849-F626-4822-A96B-6FA8BF8C495B}
2012-01-19 00:15:25 -------- d-----w- C:\Users\ALThomas\AppData\Local\{1E89CF01-CAA6-42E7-807F-EC1DA23F0C2C}
2012-01-19 00:15:08 -------- d-----w- C:\Users\ALThomas\AppData\Local\{94698015-0863-412D-A477-EB004D08879F}
2012-01-18 07:59:56 -------- d-----w- C:\Users\ALThomas\AppData\Local\{752A7A35-CF4B-4BBC-A657-4710ECAA2AEC}
2012-01-18 07:59:32 -------- d-----w- C:\Users\ALThomas\AppData\Local\{F2448F8C-0156-4C08-B5A2-1366C228A87D}
2012-01-17 19:59:20 -------- d-----w- C:\Users\ALThomas\AppData\Local\{412416CD-0BF6-4DD4-A20B-313765F5E1A1}
2012-01-17 19:58:58 -------- d-----w- C:\Users\ALThomas\AppData\Local\{559D5278-7CD9-4B82-8BE6-FA3CA56543B3}
2012-01-17 07:58:45 -------- d-----w- C:\Users\ALThomas\AppData\Local\{7F3077D6-D27B-4839-B9FC-C987B573D29C}
2012-01-17 07:58:23 -------- d-----w- C:\Users\ALThomas\AppData\Local\{17E6B790-7AA0-42BC-8A3E-7A3C3441619E}
2012-01-16 19:58:10 -------- d-----w- C:\Users\ALThomas\AppData\Local\{252AFECC-658B-4F45-A28A-BE8521A5C82E}
2012-01-16 19:57:47 -------- d-----w- C:\Users\ALThomas\AppData\Local\{2447C186-E6C6-45F4-A47B-9506AF3ABF6F}
2012-01-16 07:57:33 -------- d-----w- C:\Users\ALThomas\AppData\Local\{EC91FBF0-F381-455C-B30A-A0CE1BC34846}
2012-01-16 07:57:11 -------- d-----w- C:\Users\ALThomas\AppData\Local\{0062E732-E5E6-4245-840D-3BBC6DADB1E7}
2012-01-15 19:56:58 -------- d-----w- C:\Users\ALThomas\AppData\Local\{C231400E-58AD-4FB3-8806-EAD4D9CB7608}
2012-01-15 19:56:35 -------- d-----w- C:\Users\ALThomas\AppData\Local\{88640F26-C49E-4044-8EA3-BBCF37C17FBA}
2012-01-15 07:56:22 -------- d-----w- C:\Users\ALThomas\AppData\Local\{956D77C0-5EDD-48D3-8093-F1A240F4BF19}
2012-01-15 07:56:00 -------- d-----w- C:\Users\ALThomas\AppData\Local\{62888A3B-2914-470D-89FA-1C4346EFA64C}
2012-01-14 19:55:47 -------- d-----w- C:\Users\ALThomas\AppData\Local\{45C4A055-CDA3-4DA9-90CE-5FF54BA66ABB}
2012-01-14 19:55:24 -------- d-----w- C:\Users\ALThomas\AppData\Local\{F041F90A-7D11-4546-87B9-7427C97AD06E}
2012-01-14 07:55:10 -------- d-----w- C:\Users\ALThomas\AppData\Local\{54F8197C-AAE1-46F9-A517-A6C20F50CF5E}
2012-01-14 07:54:48 -------- d-----w- C:\Users\ALThomas\AppData\Local\{AAB8A1FA-FDE0-4B83-B7D8-1569B03C28CF}
2012-01-13 19:54:35 -------- d-----w- C:\Users\ALThomas\AppData\Local\{BDEC85BA-8B58-4891-BED1-A28F605B8EE0}
2012-01-13 19:54:12 -------- d-----w- C:\Users\ALThomas\AppData\Local\{EB1D3A4C-CD05-440F-8452-76890C267C15}
2012-01-13 07:53:57 -------- d-----w- C:\Users\ALThomas\AppData\Local\{5E17F39B-7827-4D1C-BEC7-6C1EE274DE5E}
2012-01-13 07:53:35 -------- d-----w- C:\Users\ALThomas\AppData\Local\{A416D409-C4F3-4B7F-83E2-A61E62ED5A26}
2012-01-12 19:53:10 -------- d-----w- C:\Users\ALThomas\AppData\Local\{06A5301C-48AD-4B5B-85A4-C0537B759074}
2012-01-12 07:52:34 -------- d-----w- C:\Users\ALThomas\AppData\Local\{6C09C9C3-FC59-4D1F-B4B9-11BA13DF720C}
2012-01-11 19:51:59 -------- d-----w- C:\Users\ALThomas\AppData\Local\{B1418939-6881-45A7-9515-E29C1A7FD310}
2012-01-11 07:51:24 -------- d-----w- C:\Users\ALThomas\AppData\Local\{6C6ADC4B-0DC3-42B9-A141-E1E5149A66C9}
2012-01-11 07:51:02 -------- d-----w- C:\Users\ALThomas\AppData\Local\{01F82E3E-9ED6-478F-85F5-B0B0071CF559}
2012-01-11 06:04:26 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-01-11 06:04:23 3145216 ----a-w- C:\Windows\System32\win32k.sys
2012-01-11 06:04:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-01-11 06:04:07 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-01-11 06:03:49 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-01-11 06:03:49 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-01-10 19:50:37 -------- d-----w- C:\Users\ALThomas\AppData\Local\{B2F00E50-B78E-4141-8C9F-895A38B9F6D6}
2012-01-10 07:50:01 -------- d-----w- C:\Users\ALThomas\AppData\Local\{FB3FE9A6-4D17-485E-9D5A-E64DBF282586}
2012-01-09 19:49:24 -------- d-----w- C:\Users\ALThomas\AppData\Local\{98F5A4C9-7E44-4A41-97DE-4504979D725A}
2012-01-09 07:48:48 -------- d-----w- C:\Users\ALThomas\AppData\Local\{AF4A7CFA-4521-46B2-8EDC-957356BAC997}
2012-01-08 19:48:11 -------- d-----w- C:\Users\ALThomas\AppData\Local\{9C13C784-6DC1-4FDD-B98B-4390C34C8E68}
==================== Find3M ====================
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-15 04:02:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-15 04:02:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-15 03:49:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-07 04:45:44 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-24 04:59:00 9622848 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2011-11-24 02:47:47 6004544 ----a-w- C:\Windows\System32\nvcpl.dll
2011-11-24 02:41:24 3028800 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-11-24 02:38:53 2562368 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-11-24 02:38:49 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-11-24 02:38:44 63296 ----a-w- C:\Windows\System32\nvshext.dll
2011-11-24 02:38:44 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-17 05:21:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
============= FINISH: 13:33:52.58 ===============

DDS (Ver_2011-08-26.01)
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/30/2010 9:02:12 AM
System Uptime: 2/7/2012 1:29:39 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | P6T DELUXE V2
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 98 GiB total, 8.332 GiB free.
D: is CDROM ()
X: is FIXED (NTFS) - 244 GiB total, 22.787 GiB free.
Y: is FIXED (NTFS) - 135 GiB total, 25.111 GiB free.
Z: is FIXED (NTFS) - 222 GiB total, 65.845 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP427: 2/6/2012 7:30:41 PM - Removed Java(TM) 6 Update 26
RP428: 2/6/2012 7:31:50 PM - Removed Java(TM) 7 (64-bit)
==== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958)
3DMark Vantage
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.7
AI Suite
Apple Application Support
Apple Software Update
Assassin's Creed Brotherhood
Battlefield 3™
Battlefield 3™ Open Beta
Belarc Advisor 8.1
BioWare Premium Module: Neverwinter Nights(TM) Kingmaker
Breath of Death VII
Capture NX 2
Curse Client
Dark Ages
Deus Ex: Game of the Year Edition
Deus Ex: Human Revolution
Deus Ex: Human Revolution - The Missing Link
Diablo III Beta
Dragon Age II
Dragon Age: Origins
Dragon Age: Origins - Awakening
Driver Sweeper 2.1.0
ESN Sonar
EVGA OC Scanner 1.4.1
EVGA Precision 1.9.6
Fallout 3 - Unofficial Fallout 3 Patch
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
Fraps (remove only)
Free Alarm Clock 2.1.0
Futuremark SystemInfo
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hitman 2: Silent Assassin
Hitman: Blood Money
Hitman: Codename 47
Host OpenAL (ADI)
IrfanView (remove only)
Junk Mail filter update
Left 4 Dead
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic Online
Malwarebytes Anti-Malware version
Mass Effect
Mass Effect 2
Mesh Runtime
Messenger Companion
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MorphVOX Pro
Mozilla Firefox 10.0 (x86 en-US)
Mozilla Firefox 8.0.1 (x86 en-US)
MSI Afterburner 1.6.1
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neverwinter Nights
Neverwinter Nights 2: Platinum
Nikon Message Center
Octoshape Streaming Services
PDF Settings CS5
Picasa 3
Picture Control Utility
PlayOnline Viewer & Tetra Master
Portal 2
PunkBuster Services
Recettear: An Item Shop's Tale
Red Eye Remover Pro 1.2
Resident Evil 5
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Sid Meier's Civilization V
Solar 2
SpeedFan (remove only)
Star Wars: The Old Republic
StarCraft II
SurfOffline Professional 2
Team Fortress 2
The Witcher 2 - Assassins of Kings
Tom Clancy's Splinter Cell: Conviction
Ubisoft Game Launcher
Uncharted Waters Online
Universe Sandbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.4
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
X-COM: Apocalypse
X-COM: Terror from the Deep
X-COM: UFO Defense
Yahoo! Detect
==== Event Viewer Messages From Past Week ========
2/7/2012 1:32:18 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/7/2012 1:32:18 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
2/7/2012 1:30:41 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/7/2012 1:30:41 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
2/6/2012 7:04:41 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
==== End Of File ===========================
Active Member
Posts: 1
Joined: February 7th, 2012, 3:21 pm
Register to Remove

Re: Possible passwords taken; Trojan Downloader removed.

Unread postby askey127 » February 8th, 2012, 7:29 am

We can begin looking for files and settings that could cause the problem.
First, let me be very clear. The infection(s) you see are undoubtedly from the use of utorrent.
If you use P2P programs like that, there is no combination of anti-spyware, antivirus and anonymizer programs that will save your machine.
Thousands upon thousands of the shared files have infections planted by criminals, and eventually you would get an infection so serious that you would have to reformat the drive and re-install Windows from scratch, losing all your documents.
Our site policy is here: It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included utorrent in the removal instructions below, so we are not wasting our time.
Remove Program Using Control Panel
From Start, Control Panel, click on Programs and Features
Click this Entry, if it exists, choose Uninstall, and give permission to Continue:
Take extra care in answering questions posed by any Uninstaller.
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we will be looking for the contents of the log from CKScanner, and the two logs from OTL. As I mentioned, separate replies for any of the logs will be OK.
User avatar
Posts: 13961
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible passwords taken; Trojan Downloader removed.

Unread postby askey127 » February 11th, 2012, 8:23 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Posts: 13961
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 73 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware