I was hit a few nights ago with the Koobface virus from Facebook. I read a few threads on here and thought I'd see if Essexboy could lead me to the promised land. This site won't allow more than a 10000-word post, so I don't know which part of the OTS to attach. Please provide more instructions.
OTS logfile created on: 8/22/2011 4:52:37 PM - Run 1
OTS by OldTimer - Version 3.1.44.3 Folder = C:\Users\Mich\Pictures\My Pictures\Mich misc
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.94 Gb Total Space | 395.94 Gb Free Space | 86.84% Space Free | Partition Type: NTFS
Drive D: | 9.72 Gb Total Space | 1.46 Gb Free Space | 15.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MICH-PC
Current User Name: Mich
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
ots.exe -> C:\Users\Mich\Pictures\My Pictures\Mich misc\OTS.exe -> [2011/08/22 16:50:02 | 000,645,632 | ---- | M] (OldTimer Tools)
systemup.exe -> C:\Windows\systemup.exe -> [2011/08/22 06:04:40 | 000,137,728 | ---- | M] ()
svchostdriver.exe -> C:\Windows\update.7.1\svchostdriver.exe -> [2011/08/22 04:33:02 | 000,382,464 | ---- | M] ()
svchost.exe -> C:\Windows\update.2\svchost.exe -> [2011/08/22 04:31:47 | 000,634,880 | ---- | M] ()
svchost.exe -> C:\Windows\update.5.0\svchost.exe -> [2011/08/22 04:29:44 | 000,355,840 | ---- | M] ()
sysdriver32.exe -> C:\Windows\sysdriver32.exe -> [2011/08/22 04:26:41 | 000,258,048 | ---- | M] ()
svchost.exe -> C:\Windows\update.tray-8-0-lnk\svchost.exe -> [2011/08/22 04:11:52 | 001,213,440 | -H-- | M] ()
svchost.exe -> C:\Windows\update.tray-8-0\svchost.exe -> [2011/08/22 04:11:52 | 001,213,440 | -H-- | M] ()
svchost.exe -> C:\Windows\update.1\svchost.exe -> [2011/08/22 04:11:52 | 001,213,440 | -H-- | M] ()
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2011/08/17 16:10:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
phoenix.exe -> C:\Windows\phoenix\phoenix.exe -> [2011/06/14 15:51:54 | 006,962,815 | ---- | M] ()
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
toolbarupdaterservice.exe -> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -> [2011/05/20 10:03:34 | 000,210,144 | ---- | M] ()
hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company)
sftvsa.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation)
sftlist.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation)
qbupdate.exe -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> [2010/02/02 01:32:46 | 000,984,352 | ---- | M] (Intuit Inc.)
qbcfmonitorservice.exe -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -> [2010/01/31 08:01:28 | 000,045,056 | ---- | M] (Intuit)
hp_remote_solution.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe -> [2009/08/24 19:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard)
picturemover.exe -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe -> [2009/06/03 13:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company)
hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
[Modules - No Company Name]
systemup.exe -> C:\Windows\systemup.exe -> [2011/08/22 06:04:40 | 000,137,728 | ---- | M] ()
svchost.exe -> C:\Windows\update.tray-8-0-lnk\svchost.exe -> [2011/08/22 04:11:52 | 001,213,440 | -H-- | M] ()
svchost.exe -> C:\Windows\update.tray-8-0\svchost.exe -> [2011/08/22 04:11:52 | 001,213,440 | -H-- | M] ()
mozjs.dll -> C:\Program Files (x86)\Mozilla Firefox\mozjs.dll -> [2011/08/17 16:10:40 | 001,846,232 | ---- | M] ()
system.management.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll -> [2011/08/10 18:46:14 | 001,051,136 | ---- | M] ()
presentationframework.aero.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll -> [2011/08/10 18:38:25 | 000,368,128 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll -> [2011/08/10 18:38:12 | 000,771,584 | ---- | M] ()
system.data.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll -> [2011/08/10 18:38:10 | 006,611,456 | ---- | M] ()
presentationframework.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll -> [2011/08/10 18:38:03 | 014,339,072 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll -> [2011/08/10 18:37:45 | 001,587,200 | ---- | M] ()
presentationcore.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll -> [2011/08/10 18:37:43 | 012,234,752 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase