
Solved Hijacked search results, blocked AV updates and random BSODs

Discussion in 'Malware and Virus Removal Archive' started by corbyboy, 2011/03/08.

  1. 2011/03/08
    corbyboy

    corbyboy Inactive Thread Starter

    Joined:
    2011/03/08
    Messages:
    10
    Likes Received:
    0
    [Resolved] Hijacked search results, blocked AV updates and random BSODs

    Hi guys this is my first post on this forum and I appreciate any help that I can get here.

    I noticed a few days ago that my search results were getting hijacked and random popups were appearing. I scanned my entire system with Microsoft Security Essentials and it removed a few things, including something along the lines of "Bamatil."

    I tried a few things such as Malwarebytes and even though the scans were now turning up negative, the popups were still appearing and my searches were still getting hijacked.
    I was then unable to scan with MSE or update it and I cannot get access to Windows Update. Somebody told me to try ComboFix, but that was causing a BSOD. I also got a couple of random BSOD errors when running GMER, but it finished eventually.

    I then think I made the wrong decision and decided to restore my PC back to its factory settings. It restored my entire C drive, but I have a partition (D) that stores all my data. After the restore the problems are still occurring.

    So now I am going to do things the proper way and see if you good people can help me get my system clean.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5993

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    08/03/2011 21:03:09
    mbam-log-2011-03-08 (21-03-09).txt

    Scan type: Quick scan
    Objects scanned: 139396
    Time elapsed: 4 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2011/03/08
    corbyboy

    corbyboy Inactive Thread Starter

    Joined:
    2011/03/08
    Messages:
    10
    Likes Received:
    0
    Here are some more logs


     


  4. 2011/03/08
    corbyboy

    corbyboy Inactive Thread Starter

    Joined:
    2011/03/08
    Messages:
    10
    Likes Received:
    0
    And finally the DDS logs

     
  5. 2011/03/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Please, do NOT wrap logs in quotes.

    You're infected with a rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. 2011/03/09
    corbyboy

    corbyboy Inactive Thread Starter

    Joined:
    2011/03/08
    Messages:
    10
    Likes Received:
    0
    Thanks very much for the help. Here is the log:

    2011/03/09 07:15:58.0624 3400 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
    2011/03/09 07:15:58.0865 3400 ================================================================================
    2011/03/09 07:15:58.0865 3400 SystemInfo:
    2011/03/09 07:15:58.0865 3400
    2011/03/09 07:15:58.0865 3400 OS Version: 6.0.6001 ServicePack: 1.0
    2011/03/09 07:15:58.0865 3400 Product type: Workstation
    2011/03/09 07:15:58.0866 3400 ComputerName: CHRIS-PC
    2011/03/09 07:15:58.0866 3400 UserName: Chris
    2011/03/09 07:15:58.0866 3400 Windows directory: C:\Windows
    2011/03/09 07:15:58.0866 3400 System windows directory: C:\Windows
    2011/03/09 07:15:58.0866 3400 Processor architecture: Intel x86
    2011/03/09 07:15:58.0866 3400 Number of processors: 1
    2011/03/09 07:15:58.0866 3400 Page size: 0x1000
    2011/03/09 07:15:58.0866 3400 Boot type: Normal boot
    2011/03/09 07:15:58.0866 3400 ================================================================================
    2011/03/09 07:15:59.0622 3400 Initialize success
    2011/03/09 07:16:03.0070 4576 ================================================================================
    2011/03/09 07:16:03.0070 4576 Scan started
    2011/03/09 07:16:03.0070 4576 Mode: Manual;
    2011/03/09 07:16:03.0070 4576 ================================================================================
    2011/03/09 07:24:30.0918 4576 WSVD (2584df81cc9f7e7bd3545691106f8cae) C:\Windows\system32\drivers\WSVD.sys
    2011/03/09 07:24:32.0736 4576 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
    2011/03/09 07:24:32.0814 4576 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/03/09 07:24:32.0821 4576 ================================================================================
    2011/03/09 07:24:32.0822 4576 Scan finished
    2011/03/09 07:24:32.0822 4576 ================================================================================
    2011/03/09 07:24:32.0841 4572 Detected object count: 1
    2011/03/09 07:26:23.0286 4572 \HardDisk0 - will be cured after reboot
    2011/03/09 07:26:23.0287 4572 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/03/09 07:27:10.0062 3492 Deinitialize success
     
  7. 2011/03/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good.

    How is redirection?

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a black screen with some data on it.
    • Right-click on the screen and click Select All.
    • Press CTRL+C
    • Open Notepad and press CTRL+V
    • Post the output back here.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2011/03/09
    corbyboy

    corbyboy Inactive Thread Starter

    Joined:
    2011/03/08
    Messages:
    10
    Likes Received:
    0
    Many thanks for your persistence. The page hijacking seems to be fine now. And Windows Update is working too.

    Here is the Bootkit Remover log:

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 1 (build 600
    1), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`71100000
    Boot sector MD5 is: 26062c4eb9a0e14db5e0d0ba52a0aa93

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...

    --------------------------------------------------------------------------

    And here is the Combofix log:

    ComboFix 11-03-08.09 - Chris 09/03/2011 20:39:52.3.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2038.974 [GMT 0:00]
    Running from: c:\users\Chris\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-09 20:58 . 2011-03-09 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-09 20:25 . 2011-03-09 20:25 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA1E55FE-1C5C-4C1B-B5B9-0C3AEB1D86ED}\MpKslc03755a5.sys
    2011-03-09 18:57 . 2011-03-09 18:57 -------- d-----w- c:\program files\7-Zip
    2011-03-09 18:45 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2011-03-09 18:45 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2011-03-09 18:45 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2011-03-09 18:45 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2011-03-09 18:45 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2011-03-09 18:45 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2011-03-09 18:45 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2011-03-09 18:45 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2011-03-09 18:45 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2011-03-09 03:25 . 2007-08-28 20:43 170520 ----a-w- c:\windows\system32\igfxzoom.exe
    2011-03-09 02:32 . 2011-03-09 02:32 -------- d-----w- c:\windows\system32\Lang
    2011-03-09 02:32 . 2007-08-28 20:43 399896 ----a-w- c:\windows\system32\igxpun.exe
    2011-03-09 02:32 . 2006-11-10 17:25 319456 ----a-w- c:\windows\system32\difxapi.dll
    2011-03-09 02:32 . 2011-03-09 02:32 -------- d-----w- c:\program files\CONEXANT
    2011-03-09 00:12 . 2006-09-19 16:47 80744 ----a-w- c:\windows\system32\drivers\WSVD.sys
    2011-03-09 00:09 . 2005-06-23 11:14 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
    2011-03-09 00:09 . 2011-03-09 00:09 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2011-03-09 00:09 . 2002-12-05 14:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2011-03-09 00:09 . 2002-12-05 14:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2011-03-09 00:09 . 2002-12-02 15:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2011-03-09 00:09 . 2002-12-02 13:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2011-03-09 00:09 . 2002-12-02 13:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2011-03-09 00:09 . 2011-03-09 00:09 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2011-03-09 00:08 . 2007-08-20 20:08 172032 ----a-w- c:\windows\system32\igfxres.dll
    2011-03-08 23:06 . 2011-02-23 09:35 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA1E55FE-1C5C-4C1B-B5B9-0C3AEB1D86ED}\mpengine.dll
    2011-03-08 21:46 . 2010-11-30 10:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC76CE0D-4D15-40F6-9B3C-D5DF964D8DCF}\gapaengine.dll
    2011-03-08 21:44 . 2011-03-08 21:44 -------- d-----w- c:\program files\Microsoft Security Client
    2011-03-08 21:44 . 2010-04-05 17:03 902024 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-03-08 21:44 . 2010-04-05 17:02 220040 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-03-08 21:44 . 2010-04-05 17:02 98184 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2011-03-08 21:44 . 2010-04-05 16:29 438272 ----a-w- c:\windows\system32\IKEEXT.DLL
    2011-03-08 21:44 . 2010-04-05 16:29 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2011-03-08 21:44 . 2010-04-05 16:28 328704 ----a-w- c:\windows\system32\BFE.DLL
    2011-03-08 20:57 . 2011-03-08 20:57 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-08 20:57 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-08 20:57 . 2011-03-08 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-08 20:57 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-08 20:15 . 2011-03-08 20:15 -------- d-----w- c:\program files\Acer
    2011-03-08 20:15 . 2011-03-08 20:15 -------- d-----w- c:\programdata\Yahoo! Companion
    2011-03-08 20:11 . 2007-11-30 15:51 15392 ----a-w- c:\windows\system32\drivers\int15.sys
    2011-03-08 20:11 . 2007-11-06 09:30 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
    2011-03-08 20:11 . 2007-11-06 09:30 8704 ----a-w- c:\windows\system32\drivers\TVicPort64.sys
    2011-03-08 20:11 . 2007-11-06 09:30 15656 ----a-w- c:\windows\system32\drivers\int15_64.sys
    2011-03-08 20:11 . 2007-11-06 09:30 14544 ----a-w- c:\windows\system32\drivers\TVicPort.sys
    2011-03-08 20:11 . 2007-11-06 09:30 13096 ----a-w- c:\windows\system32\drivers\zntport64.sys
    2011-03-08 19:54 . 2007-07-17 19:33 368640 ----a-w- c:\windows\system32\CheckD2DSystem.exe
    2011-03-08 19:54 . 2006-11-12 11:54 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
    2011-03-08 19:54 . 2006-11-10 17:27 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
    2011-03-08 19:54 . 2005-12-09 09:12 16384 ----a-w- c:\windows\system32\ClearEvent.exe
    2011-03-08 19:54 . 2006-07-20 10:33 65536 ----a-w- c:\windows\system32\NATTraversal.dll
    2011-03-08 19:53 . 2011-03-08 19:53 -------- d-----w- c:\program files\Launch Manager
    2011-03-08 19:50 . 2007-03-14 21:02 29744 ------w- c:\windows\system32\msxml3a.dll
    2011-03-08 19:50 . 2007-03-14 21:02 49712 ----a-w- c:\windows\system32\msxm733b.rra
    2011-03-08 19:50 . 2011-03-08 19:50 -------- d-----w- c:\program files\CyberLink
    2011-03-08 19:50 . 2001-09-05 04:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
    2011-03-08 19:50 . 2001-09-05 04:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-03-08 19:50 . 2001-09-05 04:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-03-08 19:50 . 2001-09-05 04:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-03-08 19:50 . 2007-03-14 04:54 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2011-03-08 19:49 . 2011-03-08 19:49 -------- d-----w- C:\Intel
    2011-03-08 19:47 . 2011-03-08 19:53 -------- d-----w- c:\users\Chris
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @= "{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-01-03 02:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "RtHDVCpl "= "RtHDVCpl.exe" [2008-01-08 4853760]
    "SynTPStart "= "c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
    "LanguageShortcut "= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
    "eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
    "LManager "= "c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
    "WarReg_PopUp "= "c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "eRecoveryService "= "c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-08-16 368640]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-27 535336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001
    .
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
    S1 MpKslc03755a5;MpKslc03755a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA1E55FE-1C5C-4C1B-B5B9-0C3AEB1D86ED}\MpKslc03755a5.sys [2011-03-09 28752]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLC03755A5
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://en.uk.acer.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-09 20:59
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4924)
    c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    c:\acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    c:\acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    .
    Completion time: 2011-03-09 21:02:07
    ComboFix-quarantined-files.txt 2011-03-09 21:01
    .
    Pre-Run: 17,744,265,216 bytes free
    Post-Run: 17,654,218,752 bytes free
    .
    - - End Of File - - DB172F0EB8E9E9DAFA444D1B78AFAF7C
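The two logs in this post are the ones an analyst actually reads for a TDL4 case: TDSSKiller's driver inventory plus its detection/action lines (the full log is quoted earlier in the thread), and Bootkit Remover's per-disk MBR status. The script below is an added example, not code from the post, from Kaspersky or from eSage Lab; its line formats are inferred from the logs quoted in this thread, and the two sample texts are constructed from lines copied from those logs. It pulls out what matters (driver count, detections, which detections got a user action, the boot-sector hash, and any disk still reporting unknown boot code) and refuses to summarise a paste whose "Detected object count" disagrees with the detection lines it found.

```python
"""Triage helper for the two rootkit-scanner text logs quoted in this thread:
a TDSSKiller driver scan and a Bootkit Remover MBR report.

Added example, not part of the original post or of either tool. Line formats
are inferred from the logs shown in the thread; the sample texts below are
constructed from a few lines copied from those logs so the script runs offline.
"""
import re

# Constructed sample: real lines copied from the TDSSKiller log in the thread,
# with the bulk of the driver inventory trimmed.
TDSS_LOG = r"""
2011/03/09 07:23:10.0104 4576 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/09 07:24:19.0780 4576 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/09 07:24:19.0805 4576 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/09 07:24:32.0814 4576 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/09 07:24:32.0821 4576 ================================================================================
2011/03/09 07:24:32.0822 4576 Scan finished
2011/03/09 07:24:32.0841 4572 Detected object count: 1
2011/03/09 07:26:23.0286 4572 \HardDisk0 - will be cured after reboot
2011/03/09 07:26:23.0287 4572 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/09 07:27:10.0062 3492 Deinitialize success
"""

# Constructed sample: the Bootkit Remover report from the thread, abridged.
BOOTKIT_LOG = r"""
Bootkit Remover
Boot sector MD5 is: 26062c4eb9a0e14db5e0d0ba52a0aa93

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
"""

# Every TDSSKiller line starts with a timestamp and a thread id.
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
DETECT_RE = re.compile(PREFIX + r"(?P<obj>\S+) - detected (?P<threat>\S+) \((?P<flags>\d+)\)\s*$")
ACTION_RE = re.compile(PREFIX + r"(?P<threat>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\S+)\s*$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)\s*$")
MD5_RE = re.compile(r"Boot sector MD5 is:\s*(?P<md5>[0-9a-fA-F]{32})")
MBR_ROW_RE = re.compile(r"^(?P<size>\d+\s*[KMGT]B)\s+(?P<dev>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+?)\s*$")


def parse_tdsskiller(text):
    """Return driver inventory, detections and user actions from a TDSSKiller log."""
    drivers, detections, actions, declared = [], [], [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes add indentation; tolerate it
        if not line:
            continue
        if m := DETECT_RE.match(line):
            detections.append((m["obj"], m["threat"]))
        elif m := ACTION_RE.match(line):
            actions.append((m["obj"], m["threat"], m["action"]))
        elif m := COUNT_RE.match(line):
            declared = int(m["n"])
        elif m := DRIVER_RE.match(line):
            drivers.append((m["name"], m["md5"].lower(), m["path"]))
    if declared is not None and declared != len(detections):
        # A truncated paste would silently hide a detection; refuse to summarise.
        raise ValueError(f"log declares {declared} detections, parsed {len(detections)}")
    return {"drivers": drivers, "detections": detections, "actions": actions}


def parse_bootkit_remover(text):
    """Return the boot-sector hash and per-disk MBR status from Bootkit Remover output."""
    md5, disks = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := MD5_RE.search(line):
            md5 = m["md5"].lower()
        elif m := MBR_ROW_RE.match(line):
            disks.append((m["dev"], m["size"], m["status"]))
    return {"boot_sector_md5": md5, "disks": disks}


def triage(tdss_text, bootkit_text):
    """Combine both logs into one summary an analyst can act on."""
    t = parse_tdsskiller(tdss_text)
    b = parse_bootkit_remover(bootkit_text)
    handled = {obj for obj, _, _ in t["actions"]}
    unresolved = [obj for obj, _ in t["detections"] if obj not in handled]
    # Bootkit Remover labels an MBR it cannot match to a known loader as
    # "Unknown boot code"; that is the only status treated as a finding here.
    mbr_findings = [d for d in b["disks"] if "unknown" in d[2].lower()]
    return {
        "driver_count": len(t["drivers"]),
        "detections": t["detections"],
        "actions": t["actions"],
        "unresolved": unresolved,
        "boot_sector_md5": b["boot_sector_md5"],
        "mbr_findings": mbr_findings,
        "needs_followup": bool(unresolved or mbr_findings),
    }


if __name__ == "__main__":
    for key, value in triage(TDSS_LOG, BOOTKIT_LOG).items():
        print(f"{key}: {value}")
```

Run on the thread's own logs, the summary shows the TDL4 detection on \HardDisk0 with a Cure action recorded, yet PhysicalDrive0 still reporting unknown boot code, so `needs_followup` is true; that is the combination worth surfacing, since a scheduled cure and a clean MBR are two different facts and only the second closes the case.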
     
  9. 2011/03/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Combofix log looks good :)

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. 2011/03/09
    corbyboy

    corbyboy Inactive Thread Starter

    Joined:
    2011/03/08
    Messages:
    10
    Likes Received:
    0
    Here is OTL.txt

    OTL logfile created on: 09/03/2011 22:21:24 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 32.38 Gb Total Space | 16.46 Gb Free Space | 50.83% Space Free | Partition Type: NTFS
    Drive D: | 32.38 Gb Total Space | 17.43 Gb Free Space | 53.82% Space Free | Partition Type: NTFS

    Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/09 22:19:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2008/03/24 18:37:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2008/01/21 02:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/10 01:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    PRC - [2008/01/08 00:25:14 | 004,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/01/07 23:51:46 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2008/01/03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/01/03 01:55:48 | 000,521,776 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2007/12/20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/11/27 18:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2007/10/03 22:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/10/03 22:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/10/01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2007/09/20 13:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2007/09/07 19:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    PRC - [2005/08/16 09:56:16 | 000,368,640 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/09 22:19:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    MOD - [2008/01/21 02:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2007/12/20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/11/27 18:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2007/10/03 22:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/10/01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/09/20 13:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/03/09 21:44:05 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1362DF97-7043-43F9-A92A-82B8266F96D2}\MpKslbc5dcdc1.sys -- (MpKslbc5dcdc1)
    DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2008/01/21 02:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2007/11/30 15:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2007/05/02 11:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2006/11/29 00:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/09/19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2011/03/08 23:30:25 | 000,000,698 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/09 22:19:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    [2011/03/09 21:02:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/09 21:01:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/09 20:58:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
    [2011/03/09 20:30:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/09 20:26:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
    [2011/03/09 18:58:06 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Chris\Desktop\remover.exe
    [2011/03/09 18:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/03/09 18:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/03/09 07:15:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\tdsskiller
    [2011/03/09 03:26:27 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
    [2011/03/09 03:26:19 | 000,199,176 | ---- | C] (Dritek System Inc.) -- C:\Windows\GVUni.exe
    [2011/03/09 03:25:52 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\RUNXMLPL.EXE
    [2011/03/09 03:25:51 | 000,000,000 | ---D | C] -- C:\Windows\Lan
    [2011/03/09 02:32:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2011/03/09 02:32:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
    [2011/03/09 02:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
    [2011/03/09 00:12:55 | 000,080,744 | ---- | C] (Wasay) -- C:\Windows\System32\drivers\WSVD.sys
    [2011/03/09 00:11:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\eRecovery 1.2.15.1
    [2011/03/09 00:09:26 | 000,258,048 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Uninstall_eRecovery.exe
    [2011/03/08 23:29:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\HostsXpert
    [2011/03/08 22:50:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/08 22:50:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/08 22:50:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/08 22:50:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/08 22:47:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/08 21:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/03/08 21:17:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
    [2011/03/08 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
    [2011/03/08 20:57:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/03/08 20:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/08 20:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/08 20:57:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/03/08 20:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/08 20:55:08 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup.exe
    [2011/03/08 20:34:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/03/08 20:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
    [2011/03/08 20:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2011/03/08 20:15:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Yahoo!
    [2011/03/08 20:11:55 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys
    [2011/03/08 20:11:55 | 000,013,096 | ---- | C] (Zeal SoftStudio) -- C:\Windows\System32\drivers\zntport64.sys
    [2011/03/08 20:11:55 | 000,006,080 | ---- | C] (Zeal SoftStudio) -- C:\Windows\System32\drivers\zntport.sys
    [2011/03/08 20:11:26 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData\Local\acer eNM
    [2011/03/08 20:03:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
    [2011/03/08 19:54:53 | 000,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe
    [2011/03/08 19:54:53 | 000,327,680 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Remove_eRecovery.exe
    [2011/03/08 19:54:53 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
    [2011/03/08 19:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
    [2011/03/08 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
    [2011/03/08 19:52:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Downloaded Installations
    [2011/03/08 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
    [2011/03/08 19:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
    [2011/03/08 19:49:09 | 000,000,000 | ---D | C] -- C:\Intel
    [2011/03/08 19:48:34 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/03/08 19:48:34 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
    [2011/03/08 19:48:34 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/03/08 19:48:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
    [2011/03/08 19:48:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
    [2011/03/08 19:48:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
    [2011/03/08 19:47:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Templates
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Start Menu
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\PrintHood
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\NetHood
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Videos
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Pictures
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Music
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\My Documents
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Local Settings
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\History
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Application Data
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Application Data
    [2011/03/08 19:47:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
    [2011/03/08 19:47:18 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
    [2011/03/08 19:47:18 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/03/08 19:47:18 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
    [2011/03/08 19:47:18 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents
    [2011/03/08 19:47:18 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
    [2011/03/08 19:47:18 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/03/08 19:47:18 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites

    ========== Files - Modified Within 30 Days ==========

    [2011/03/09 22:19:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    [2011/03/09 21:48:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/09 21:48:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/09 20:32:26 | 000,649,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/09 20:32:26 | 000,124,374 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/09 20:25:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/09 20:25:00 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/09 19:03:47 | 004,284,225 | R--- | M] () -- C:\Users\Chris\Desktop\ComboFix.exe
    [2011/03/09 18:57:57 | 000,039,605 | ---- | M] () -- C:\Users\Chris\Desktop\bootkit_remover.rar
    [2011/03/09 18:56:52 | 001,110,476 | ---- | M] () -- C:\Users\Chris\Desktop\7z920.exe
    [2011/03/09 07:15:20 | 001,261,440 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
    [2011/03/09 02:38:52 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2011/03/09 00:11:48 | 005,288,210 | ---- | M] () -- C:\Users\Chris\Desktop\eRecovery 1.2.15.1.zip
    [2011/03/08 23:30:25 | 000,000,698 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/03/08 23:29:19 | 000,353,485 | ---- | M] () -- C:\Users\Chris\Desktop\HostsXpert.zip
    [2011/03/08 21:44:49 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/03/08 21:41:54 | 169,106,229 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/03/08 21:26:47 | 000,625,664 | ---- | M] () -- C:\Users\Chris\Desktop\dds.scr
    [2011/03/08 21:26:26 | 000,080,384 | ---- | M] () -- C:\Users\Chris\Desktop\MBRCheck.exe
    [2011/03/08 21:25:38 | 000,296,448 | ---- | M] () -- C:\Users\Chris\Desktop\zq893cs3.exe
    [2011/03/08 21:17:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
    [2011/03/08 20:55:09 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup.exe
    [2011/03/08 20:16:02 | 000,000,201 | ---- | M] () -- C:\Windows\USER.XML
    [2011/03/08 20:13:06 | 000,000,202 | ---- | M] () -- C:\Windows\Factory.xml
    [2011/03/08 20:09:14 | 000,370,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/03/08 19:53:21 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
    [2011/03/08 19:52:42 | 000,000,947 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/08 19:51:48 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
    [2011/03/08 19:47:54 | 000,014,584 | ---- | M] () -- C:\Windows\System32\results.xml

    ========== Files Created - No Company Name ==========

    [2011/03/09 18:57:56 | 000,039,605 | ---- | C] () -- C:\Users\Chris\Desktop\bootkit_remover.rar
    [2011/03/09 18:56:41 | 001,110,476 | ---- | C] () -- C:\Users\Chris\Desktop\7z920.exe
    [2011/03/09 07:15:14 | 001,261,440 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
    [2011/03/09 03:26:48 | 000,000,698 | ---- | C] () -- C:\Patch2.rev
    [2011/03/09 03:26:36 | 000,003,798 | -HS- | C] () -- C:\Patch.rev
    [2011/03/09 03:26:00 | 000,144,201 | ---- | C] () -- C:\Windows\System32\drivers\HSFProf.cty
    [2011/03/09 03:25:58 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2011/03/09 03:25:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2011/03/09 03:25:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
    [2011/03/09 03:25:58 | 000,025,968 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
    [2011/03/09 03:25:58 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
    [2011/03/09 03:25:58 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
    [2011/03/09 03:25:52 | 000,000,201 | ---- | C] () -- C:\Windows\USER.XML
    [2011/03/09 02:34:41 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/09 02:32:50 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNBR.bmp
    [2011/03/09 02:32:50 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
    [2011/03/09 00:11:37 | 005,288,210 | ---- | C] () -- C:\Users\Chris\Desktop\eRecovery 1.2.15.1.zip
    [2011/03/08 23:29:14 | 000,353,485 | ---- | C] () -- C:\Users\Chris\Desktop\HostsXpert.zip
    [2011/03/08 22:50:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/08 22:50:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/08 22:50:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/08 22:50:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/08 22:50:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/08 21:44:49 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/03/08 21:44:25 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/03/08 21:44:09 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
    [2011/03/08 21:26:43 | 000,625,664 | ---- | C] () -- C:\Users\Chris\Desktop\dds.scr
    [2011/03/08 21:26:25 | 000,080,384 | ---- | C] () -- C:\Users\Chris\Desktop\MBRCheck.exe
    [2011/03/08 21:25:36 | 000,296,448 | ---- | C] () -- C:\Users\Chris\Desktop\zq893cs3.exe
    [2011/03/08 20:34:07 | 169,106,229 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/03/08 20:32:19 | 004,284,225 | R--- | C] () -- C:\Users\Chris\Desktop\ComboFix.exe
    [2011/03/08 20:11:55 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2011/03/08 19:54:53 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
    [2011/03/08 19:54:53 | 000,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss
    [2011/03/08 19:54:10 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
    [2011/03/08 19:53:21 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
    [2011/03/08 19:52:42 | 000,000,947 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/08 19:51:48 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
    [2011/03/08 19:50:52 | 000,000,631 | ---- | C] () -- C:\Windows\PDVD.iss
    [2011/03/08 19:50:52 | 000,000,631 | ---- | C] () -- C:\PDVD.iss
    [2011/03/08 19:48:37 | 000,000,953 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/03/08 19:48:33 | 000,000,948 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2011/03/08 19:48:18 | 000,000,919 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    [2011/03/08 19:47:54 | 000,014,584 | ---- | C] () -- C:\Windows\System32\results.xml
    [2011/03/08 19:47:20 | 000,000,258 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/03/08 19:47:19 | 000,000,240 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2008/03/27 08:47:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
    [2008/03/27 05:07:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/03/27 05:07:16 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
    [2008/03/27 05:07:16 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
    [2008/03/27 05:07:14 | 000,000,040 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2008/03/27 04:26:42 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/03/27 04:26:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
    [2008/01/21 02:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2006/11/02 12:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 12:44:53 | 000,370,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 10:33:01 | 000,649,186 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 10:33:01 | 000,124,374 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/11/02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2001/12/26 22:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 05:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 22:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 04:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2011/03/09 20:23:37 | 000,012,354 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/21 02:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/02/10 23:06:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/03/09 21:02:07 | 000,012,145 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/03/09 20:25:00 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/09 20:24:59 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
    [2008/06/04 21:03:10 | 000,003,798 | -HS- | M] () -- C:\Patch.rev
    [2008/04/30 15:51:44 | 000,000,698 | ---- | M] () -- C:\Patch2.rev
    [2007/09/14 01:59:06 | 000,000,631 | ---- | M] () -- C:\PDVD.iss
    [2008/03/27 08:08:06 | 000,000,150 | RHS- | M] () -- C:\preload.rev
    [2011/03/09 07:27:10 | 000,061,834 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_09.03.2011_07.15.58_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 12:35:34 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 02:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 03:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 03:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 03:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/03/08 19:52:42 | 000,000,221 | -HS- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/09 18:56:52 | 001,110,476 | ---- | M] () -- C:\Users\Chris\Desktop\7z920.exe
    [2011/03/09 19:03:47 | 004,284,225 | R--- | M] () -- C:\Users\Chris\Desktop\ComboFix.exe
    [2011/03/08 20:55:09 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup.exe
    [2011/03/08 21:26:26 | 000,080,384 | ---- | M] () -- C:\Users\Chris\Desktop\MBRCheck.exe
    [2011/03/08 21:25:17 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Users\Chris\Desktop\mseinstall.exe
    [2011/03/09 22:19:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Chris\Desktop\remover.exe
    [2011/03/08 21:17:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
    [2011/03/08 21:25:38 | 000,296,448 | ---- | M] () -- C:\Users\Chris\Desktop\zq893cs3.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/03/09 02:32:47 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2011/03/09 02:32:18 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2008/03/27 04:16:09 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2008/03/27 04:16:09 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2011/03/09 02:32:18 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/03/08 19:48:34 | 000,000,402 | -HS- | M] () -- C:\Users\Chris\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  11. 2011/03/09
    corbyboy (Inactive Thread Starter)
    And here is Extras.txt

    OTL Extras logfile created on: 09/03/2011 22:21:24 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 32.38 Gb Total Space | 16.46 Gb Free Space | 50.83% Space Free | Partition Type: NTFS
    Drive D: | 32.38 Gb Total Space | 17.43 Gb Free Space | 53.82% Space Free | Partition Type: NTFS

    Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{61A35DF7-D7C8-4C7C-8899-C2F2740E85D6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{E0D2E555-4078-4D85-8A1E-6D3938B00B49}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)all\{91120000-0031-0000-0000-0000000FF1CE}
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
    "{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
    "7-Zip" = 7-Zip 9.20
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
    "InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "PROHYBRIDR" = 2007 Microsoft Office system
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 08/03/2011 16:10:08 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 08/03/2011 16:11:11 | Computer Name = Chris-PC | Source = VSS | ID = 8194
    Description =

    Error - 08/03/2011 16:11:44 | Computer Name = Chris-PC | Source = SPP | ID = 16387
    Description =

    Error - 08/03/2011 16:11:44 | Computer Name = Chris-PC | Source = System Restore | ID = 8193
    Description =

    Error - 08/03/2011 16:12:35 | Computer Name = Chris-PC | Source = VSS | ID = 8194
    Description =

    Error - 08/03/2011 16:12:39 | Computer Name = Chris-PC | Source = SPP | ID = 16387
    Description =

    Error - 08/03/2011 16:12:39 | Computer Name = Chris-PC | Source = System Restore | ID = 8193
    Description =

    Error - 08/03/2011 16:15:13 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 08/03/2011 16:35:14 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 08/03/2011 16:38:01 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 09/03/2011 14:46:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 09/03/2011 14:46:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 09/03/2011 14:46:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 09/03/2011 14:46:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 09/03/2011 14:46:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 09/03/2011 14:46:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 09/03/2011 14:46:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 09/03/2011 14:46:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 09/03/2011 14:58:45 | Computer Name = Chris-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.99.862.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error
    code: 0x800704c7 Error description: The operation was canceled by the user.

    Error - 09/03/2011 15:07:48 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
    Description =


    < End of report >

    Thanks for the continued support.
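
The Extras.txt above records the shell-spawning handlers, the Security Center override values, the Windows Update policy key and the ShellExecuteHooks entry as they stood at scan time. The PowerShell script below is an added example, not part of this thread and not OTL's own code: it re-reads the same registry locations live, so the state can be re-checked after a fix without running another full scan. The expected handler strings are the Vista defaults copied from the log above; the System32 fallback for bare DLL names under InProcServer32 is an assumption, as noted in the code.

```powershell
# Added example, not from this thread and not OTL's own code: a read-only audit
# of the registry state that OTL's Extras.txt reports (shell spawning handlers,
# Security Center overrides, the Windows Update AU policy, ShellExecuteHooks).
# Run it from an elevated PowerShell on the machine being cleaned.

# Stock [open] handlers on Vista, copied from the Extras.txt in this thread.
$ExpectedOpen = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
    'piffile' = '"%1" %*'
    'scrfile' = '"%1" /S'
}

function Test-ShellSpawning {
    # A hijacked handler looks like  "C:\...\something.exe" "%1" %*  and makes
    # every launched program run through that binary first.
    foreach ($cls in $ExpectedOpen.Keys) {
        $key  = "Registry::HKEY_CLASSES_ROOT\$cls\shell\open\command"
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $cmd  = if ($item) { $item.'(default)' } else { $null }
        $status = 'OK'
        if ($null -eq $cmd) { $status = 'MISSING' } elseif ($cmd -ne $ExpectedOpen[$cls]) { $status = 'HIJACKED' }
        [pscustomobject]@{ Class = $cls; Status = $status; Command = $cmd }
    }
}

function Test-SecurityCenterOverrides {
    # A value of 1 tells Security Center to stop reporting that product category.
    $svc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Security Center\Svc' -ErrorAction SilentlyContinue
    foreach ($name in 'AntiVirusOverride', 'AntiSpywareOverride', 'FirewallOverride') {
        $val = if ($svc) { $svc.$name } else { $null }
        [pscustomobject]@{ Setting = $name; Value = $val; Suspicious = ($val -eq 1) }
    }
}

function Test-WindowsUpdatePolicy {
    # On a home machine these policy values are normally absent. NoAutoUpdate=1
    # switches Automatic Updates off; UseWUServer=1 redirects the client to the
    # server named in ..\WindowsUpdate\WUServer.
    $au = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    $wu = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ErrorAction SilentlyContinue
    [pscustomobject]@{ Setting = 'NoAutoUpdate'; Value = $(if ($au) { $au.NoAutoUpdate }); Suspicious = ($au -and $au.NoAutoUpdate -eq 1) }
    [pscustomobject]@{ Setting = 'UseWUServer';  Value = $(if ($au) { $au.UseWUServer });  Suspicious = ($au -and $au.UseWUServer -eq 1) }
    [pscustomobject]@{ Setting = 'WUServer';     Value = $(if ($wu) { $wu.WUServer });     Suspicious = [bool]($wu -and $wu.WUServer) }
}

function Test-ShellExecuteHooks {
    # Each value name under ShellExecuteHooks is a CLSID whose InProcServer32 DLL
    # is loaded by every process that calls ShellExecute. A CLSID with no server
    # is the live equivalent of OTL's "Reg Error: Key error. File not found".
    $hooks = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks' -ErrorAction SilentlyContinue
    if (-not $hooks) { return }
    foreach ($clsid in ($hooks.GetValueNames() | Where-Object { $_ -like '{*}' })) {
        $srv = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { $srv.'(default)' } else { $null }
        if ($dll -and -not [System.IO.Path]::IsPathRooted($dll)) {
            # Bare file names resolve through the loader search path; System32 is
            # the usual location, so that is where this check looks (assumption).
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }
        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
        [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Resolves = $exists }
    }
}

Test-ShellSpawning           | Format-Table -AutoSize
Test-SecurityCenterOverrides | Format-Table -AutoSize
Test-WindowsUpdatePolicy     | Format-Table -AutoSize
Test-ShellExecuteHooks       | Format-Table -AutoSize
```

A HIJACKED row for exefile or comfile is the finding to act on first, because every program launched afterwards passes through the hijacker; a Suspicious override or an unexpected WUServer explains why Security Center and Windows Update go quiet; a hook that does not resolve is the same class of orphan the OTL fix script in the next post removes.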
     
  12. 2011/03/09
    broni (Moderator, Malware Analyst)
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
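
The OTL fix above targets two orphaned entries (an O3 toolbar with no CLSID value and an O28 ShellExecuteHook whose key cannot be read), which is the pattern an analyst looks for in these logs. The Python script below is an added example, not OTL's code and not posted by anyone in this thread: it parses the OTL line formats seen here (PRC, O1, O2/O3/O28, O35/O37) and flags the items checked first during triage: processes running from a temp directory or lacking a company name in their version info, hosts-file entries that override DNS (one common way AV and Windows updates get blocked), orphaned COM registrations, and exefile/comfile handlers that are not the stock `"%1" %*`. The sample input is constructed: real lines copied from the logs above plus one constructed hosts entry (203.0.113.5, a documentation address) and one constructed hijacked comfile handler, both labelled in the code and neither describing anything found on the poster's machine.

```python
"""Triage an OTL log for the indicators discussed in this thread.

Added example: not OTL's code and not the forum's. It reads the plain-text
line formats OTL emits (PRC, O1, O2/O3/O28, O35/O37) and flags the entries
a malware analyst looks at first.
"""
import re

# Constructed sample input: lines copied from the OTL logs posted in this
# thread, plus two constructed lines (the 203.0.113.5 hosts entry and the
# comfile handler pointing at loader.exe) to exercise the hijack rules.
# Neither constructed line describes anything found on the poster's machine.
SAMPLE_LOG = r"""
PRC - [2011/03/10 09:21:36 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Chris\AppData\Local\temp\RtkBtMnt.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.5 www.example.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "C:\Users\Chris\AppData\Local\temp\loader.exe" "%1" %*
"""

# PRC - [date | size | attrs | M] (Company) -- path
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$")
# O1 - Hosts: <ip> <hostname>
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
# O35 - HKLM\..exefile [open] -- cmd   /   O37 - HKLM\...exe [@ = exefile] -- cmd
HANDLER_RE = re.compile(r"^O3[57] - HKLM\\\.\.\.?(?P<name>\w+) \[[^\]]*\] -- (?P<cmd>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

STOCK_HANDLER = '"%1" %*'  # default [open] command for exefile/comfile on Vista
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error")


def triage(log_text):
    """Return a list of findings, each a dict with kind, reason and detail."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" ", 1)[0]

        m = PRC_RE.match(line)
        if m:
            path, company = m.group("path"), m.group("company")
            if TEMP_RE.search(path):
                findings.append({"kind": kind, "reason": "process image in a temp directory", "detail": path})
            if not company:
                findings.append({"kind": kind, "reason": "no company name in version info", "detail": path})
            continue

        m = HOSTS_RE.match(line)
        if m:
            # Any mapping other than localhost overrides DNS: a redirect if the
            # address is remote, a block (e.g. of an update server) if it is loopback.
            if m.group("host").lower() != "localhost":
                findings.append({"kind": kind, "reason": "hosts file overrides DNS",
                                 "detail": f"{m.group('host')} -> {m.group('ip')}"})
            continue

        m = HANDLER_RE.match(line)
        if m:
            if m.group("cmd") != STOCK_HANDLER:
                findings.append({"kind": kind, "reason": "file-type handler hijacked",
                                 "detail": f"{m.group('name')}: {m.group('cmd')}"})
            continue

        if kind in ("O2", "O3", "O28"):
            m = CLSID_RE.search(line)
            if m:
                target = line.split(m.group(0), 1)[1].lstrip(" -")
                if any(marker in target for marker in ORPHAN_MARKERS):
                    findings.append({"kind": kind, "reason": "orphaned COM registration",
                                     "detail": f"{m.group(0)}: {target}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']:>3}] {f['reason']}: {f['detail']}")
```

Paste a real OTL.txt into `triage()` to get the same list for a whole log; a non-stock exefile or comfile handler is the first thing to fix, and the orphaned O3/O28 rows are exactly the entries the fix script above removes.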
     
  13. 2011/03/10
    corbyboy (Inactive Thread Starter)
    Here is the OTL log:

    OTL logfile created on: 10/03/2011 09:25:02 - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 32.38 Gb Total Space | 13.75 Gb Free Space | 42.47% Space Free | Partition Type: NTFS
    Drive D: | 32.38 Gb Total Space | 17.43 Gb Free Space | 53.82% Space Free | Partition Type: NTFS

    Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/10 09:21:36 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Chris\AppData\Local\temp\RtkBtMnt.exe
    PRC - [2011/03/09 23:28:54 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
    PRC - [2011/03/09 22:19:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/03/24 18:37:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2008/01/10 01:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    PRC - [2008/01/08 00:25:14 | 004,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/01/07 23:51:46 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2008/01/03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/01/03 01:55:48 | 000,521,776 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2007/12/20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/11/27 18:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2007/10/03 22:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/10/03 22:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/10/01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2007/09/20 13:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2007/09/07 19:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    PRC - [2007/09/06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    PRC - [2005/08/16 09:56:16 | 000,368,640 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/09 22:19:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    MOD - [2010/08/31 15:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2007/12/20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/11/27 18:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2007/10/03 22:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/10/01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/09/20 13:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/10 09:21:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1362DF97-7043-43F9-A92A-82B8266F96D2}\MpKsl52c785a4.sys -- (MpKsl52c785a4)
    DRV - [2011/03/10 08:36:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1362DF97-7043-43F9-A92A-82B8266F96D2}\MpKsl39353d2c.sys -- (MpKsl39353d2c)
    DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2008/01/21 02:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2007/11/30 15:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2007/05/02 11:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2006/11/29 00:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/09/19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2011/03/08 23:30:25 | 000,000,698 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1021232006-113049809-2132283466-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/10 09:21:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
    [2011/03/10 09:10:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\JavaRa
    [2011/03/10 09:10:13 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Chris\Desktop\JavaRa.exe
    [2011/03/10 09:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/03/10 09:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/03/10 08:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/03/09 22:19:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    [2011/03/09 21:02:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/09 21:01:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/09 20:58:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
    [2011/03/09 20:30:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/09 18:58:06 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Chris\Desktop\remover.exe
    [2011/03/09 18:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/03/09 18:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/03/09 07:15:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\tdsskiller
    [2011/03/09 03:26:27 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
    [2011/03/09 03:26:19 | 000,199,176 | ---- | C] (Dritek System Inc.) -- C:\Windows\GVUni.exe
    [2011/03/09 03:25:52 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\RUNXMLPL.EXE
    [2011/03/09 03:25:51 | 000,000,000 | ---D | C] -- C:\Windows\Lan
    [2011/03/09 02:32:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2011/03/09 02:32:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
    [2011/03/09 02:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
    [2011/03/09 00:12:55 | 000,080,744 | ---- | C] (Wasay) -- C:\Windows\System32\drivers\WSVD.sys
    [2011/03/09 00:11:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\eRecovery 1.2.15.1
    [2011/03/09 00:09:26 | 000,258,048 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Uninstall_eRecovery.exe
    [2011/03/08 23:29:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\HostsXpert
    [2011/03/08 22:50:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/08 22:50:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/08 22:50:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/08 22:50:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/08 22:47:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/08 21:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/03/08 21:17:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
    [2011/03/08 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
    [2011/03/08 20:57:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/03/08 20:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/08 20:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/08 20:57:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/03/08 20:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/08 20:55:08 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup.exe
    [2011/03/08 20:34:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/03/08 20:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
    [2011/03/08 20:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2011/03/08 20:15:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Yahoo!
    [2011/03/08 20:11:55 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys
    [2011/03/08 20:11:55 | 000,013,096 | ---- | C] (Zeal SoftStudio) -- C:\Windows\System32\drivers\zntport64.sys
    [2011/03/08 20:11:55 | 000,006,080 | ---- | C] (Zeal SoftStudio) -- C:\Windows\System32\drivers\zntport.sys
    [2011/03/08 20:11:26 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData\Local\acer eNM
    [2011/03/08 20:03:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
    [2011/03/08 19:54:53 | 000,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe
    [2011/03/08 19:54:53 | 000,327,680 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Remove_eRecovery.exe
    [2011/03/08 19:54:53 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
    [2011/03/08 19:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
    [2011/03/08 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
    [2011/03/08 19:52:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Downloaded Installations
    [2011/03/08 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
    [2011/03/08 19:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
    [2011/03/08 19:49:09 | 000,000,000 | ---D | C] -- C:\Intel
    [2011/03/08 19:48:34 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/03/08 19:48:34 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
    [2011/03/08 19:48:34 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/03/08 19:48:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
    [2011/03/08 19:48:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
    [2011/03/08 19:48:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
    [2011/03/08 19:47:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Templates
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Start Menu
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\PrintHood
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\NetHood
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Videos
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Pictures
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Music
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\My Documents
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Local Settings
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\History
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Application Data
    [2011/03/08 19:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Application Data
    [2011/03/08 19:47:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
    [2011/03/08 19:47:18 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
    [2011/03/08 19:47:18 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/03/08 19:47:18 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
    [2011/03/08 19:47:18 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents
    [2011/03/08 19:47:18 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
    [2011/03/08 19:47:18 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/03/08 19:47:18 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
    [2011/03/08 19:47:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites

    ========== Files - Modified Within 30 Days ==========

    [2011/03/10 09:21:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/10 09:21:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/10 09:20:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/10 09:20:42 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/10 09:16:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
    [2011/03/10 09:12:56 | 000,879,028 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
    [2011/03/10 09:10:04 | 000,159,757 | ---- | M] () -- C:\Users\Chris\Desktop\JavaRa.zip
    [2011/03/10 08:42:45 | 000,649,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/10 08:42:45 | 000,124,374 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/10 08:39:01 | 000,001,593 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
    [2011/03/10 08:36:10 | 000,374,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/03/09 22:19:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    [2011/03/09 19:03:47 | 004,284,225 | R--- | M] () -- C:\Users\Chris\Desktop\ComboFix.exe
    [2011/03/09 18:57:57 | 000,039,605 | ---- | M] () -- C:\Users\Chris\Desktop\bootkit_remover.rar
    [2011/03/09 18:56:52 | 001,110,476 | ---- | M] () -- C:\Users\Chris\Desktop\7z920.exe
    [2011/03/09 07:15:20 | 001,261,440 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
    [2011/03/09 02:38:52 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2011/03/09 00:11:48 | 005,288,210 | ---- | M] () -- C:\Users\Chris\Desktop\eRecovery 1.2.15.1.zip
    [2011/03/08 23:30:25 | 000,000,698 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/03/08 23:29:19 | 000,353,485 | ---- | M] () -- C:\Users\Chris\Desktop\HostsXpert.zip
    [2011/03/08 21:44:49 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/03/08 21:41:54 | 169,106,229 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/03/08 21:26:47 | 000,625,664 | ---- | M] () -- C:\Users\Chris\Desktop\dds.scr
    [2011/03/08 21:26:26 | 000,080,384 | ---- | M] () -- C:\Users\Chris\Desktop\MBRCheck.exe
    [2011/03/08 21:25:38 | 000,296,448 | ---- | M] () -- C:\Users\Chris\Desktop\zq893cs3.exe
    [2011/03/08 20:55:09 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup.exe
    [2011/03/08 20:16:02 | 000,000,201 | ---- | M] () -- C:\Windows\USER.XML
    [2011/03/08 20:13:06 | 000,000,202 | ---- | M] () -- C:\Windows\Factory.xml
    [2011/03/08 19:53:21 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
    [2011/03/08 19:52:42 | 000,000,947 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/08 19:51:48 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
    [2011/03/08 19:47:54 | 000,014,584 | ---- | M] () -- C:\Windows\System32\results.xml

    ========== Files Created - No Company Name ==========

    [2011/03/10 09:12:52 | 000,879,028 | ---- | C] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
    [2011/03/10 09:10:13 | 000,003,127 | ---- | C] () -- C:\Users\Chris\Desktop\Nederlands.lng
    [2011/03/10 09:10:01 | 000,159,757 | ---- | C] () -- C:\Users\Chris\Desktop\JavaRa.zip
    [2011/03/10 08:39:01 | 000,001,593 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
    [2011/03/09 23:50:42 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/03/09 23:50:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/03/09 23:50:39 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
    [2011/03/09 19:38:20 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2011/03/09 18:57:56 | 000,039,605 | ---- | C] () -- C:\Users\Chris\Desktop\bootkit_remover.rar
    [2011/03/09 18:56:41 | 001,110,476 | ---- | C] () -- C:\Users\Chris\Desktop\7z920.exe
    [2011/03/09 07:15:14 | 001,261,440 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
    [2011/03/09 03:26:48 | 000,000,698 | ---- | C] () -- C:\Patch2.rev
    [2011/03/09 03:26:36 | 000,003,798 | -HS- | C] () -- C:\Patch.rev
    [2011/03/09 03:26:00 | 000,144,201 | ---- | C] () -- C:\Windows\System32\drivers\HSFProf.cty
    [2011/03/09 03:25:58 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2011/03/09 03:25:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2011/03/09 03:25:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
    [2011/03/09 03:25:58 | 000,025,968 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
    [2011/03/09 03:25:58 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
    [2011/03/09 03:25:58 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
    [2011/03/09 03:25:52 | 000,000,201 | ---- | C] () -- C:\Windows\USER.XML
    [2011/03/09 02:34:41 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/09 02:32:50 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNBR.bmp
    [2011/03/09 02:32:50 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
    [2011/03/09 00:11:37 | 005,288,210 | ---- | C] () -- C:\Users\Chris\Desktop\eRecovery 1.2.15.1.zip
    [2011/03/08 23:29:14 | 000,353,485 | ---- | C] () -- C:\Users\Chris\Desktop\HostsXpert.zip
    [2011/03/08 22:50:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/08 22:50:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/08 22:50:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/08 22:50:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/08 22:50:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/08 21:44:49 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/03/08 21:44:25 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/03/08 21:44:09 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
    [2011/03/08 21:26:43 | 000,625,664 | ---- | C] () -- C:\Users\Chris\Desktop\dds.scr
    [2011/03/08 21:26:25 | 000,080,384 | ---- | C] () -- C:\Users\Chris\Desktop\MBRCheck.exe
    [2011/03/08 21:25:36 | 000,296,448 | ---- | C] () -- C:\Users\Chris\Desktop\zq893cs3.exe
    [2011/03/08 20:34:07 | 169,106,229 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/03/08 20:32:19 | 004,284,225 | R--- | C] () -- C:\Users\Chris\Desktop\ComboFix.exe
    [2011/03/08 20:11:55 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2011/03/08 19:54:53 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
    [2011/03/08 19:54:53 | 000,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss
    [2011/03/08 19:54:10 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
    [2011/03/08 19:53:21 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
    [2011/03/08 19:52:42 | 000,000,947 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/08 19:51:48 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
    [2011/03/08 19:50:52 | 000,000,631 | ---- | C] () -- C:\Windows\PDVD.iss
    [2011/03/08 19:50:52 | 000,000,631 | ---- | C] () -- C:\PDVD.iss
    [2011/03/08 19:48:37 | 000,000,953 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/03/08 19:48:33 | 000,000,948 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2011/03/08 19:48:18 | 000,000,919 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    [2011/03/08 19:47:54 | 000,014,584 | ---- | C] () -- C:\Windows\System32\results.xml
    [2011/03/08 19:47:20 | 000,000,258 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/03/08 19:47:19 | 000,000,240 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2008/03/27 08:47:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
    [2008/03/27 05:07:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/03/27 05:07:16 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
    [2008/03/27 05:07:16 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
    [2008/03/27 05:07:14 | 000,000,040 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2008/03/27 04:26:42 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/03/27 04:26:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
    [2006/11/02 12:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 12:44:53 | 000,374,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 10:33:01 | 000,649,186 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 10:33:01 | 000,124,374 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2001/12/26 22:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 05:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 22:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 04:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2011/03/10 09:19:49 | 000,013,470 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTL >

    < O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. >

    < O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found >

    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyflash] >

    < [Reboot] >

    < End of report >

    And here is Security Check's log:

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 1 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 8.1.0
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Empowering Technology eSettings Service capuserv.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
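To show how an analyst works through an OTL log like the one above, here is an added Python example (not OTL's code and not from this thread) that parses the two line shapes in it: the `On - ...` registry items and the `[date | size | attrs | C/M] (Company) -- path` file entries. It pulls out registry items OTL could not resolve (the O3 and O28 ones are exactly what the fix script later targets) and recently created files under the Windows directory that carry no company string; the sample log is constructed from lines in the post above, and the "no company name" rule is a triage heuristic, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2011/03/10 09:21:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/03/10 09:10:13 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Chris\Desktop\JavaRa.exe
[2011/03/09 00:12:55 | 000,080,744 | ---- | C] (Wasay) -- C:\Windows\System32\drivers\WSVD.sys
[2011/03/08 22:50:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/08 20:11:55 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2011/03/08 19:54:53 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2011/03/09 02:34:41 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2006/11/02 12:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
========== Files - Modified Within 30 Days ==========
[2011/03/10 09:12:56 | 000,879,028 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
"""

# Roughly when the log above was taken (assumed; OTL stamps it as 03102011_212635 style).
SCAN_TIME = datetime(2011, 3, 10, 9, 30)


# One entry from an OTL "Files/Folders - Created/Modified Within 30 Days" section:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path
@dataclass
class OtlFileEntry:
    timestamp: datetime
    size: int           # bytes; OTL prints it with thousands separators
    attrs: str          # four flags: R(ead-only) H(idden) S(ystem) D(irectory), "-" if unset
    kind: str           # "C" = created, "M" = modified
    company: str        # company/signer string OTL printed, "" when blank or absent
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.endswith("D")


FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
OTL_ITEM = re.compile(r"^(O\d+) - (.+)$")   # e.g. "O3 - HKLM\..\Toolbar: ..."
# Phrases OTL uses when a registry item points at something it cannot find.
DANGLING_MARKERS = ("No CLSID value found", "File not found", "Reg Error")


def parse_file_line(line: str) -> Optional[OtlFileEntry]:
    """Parse one file/folder line; return None for section headers and O-items."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlFileEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),   # "()" and "( )" both mean no company
        path=m["path"].strip(),
    )


def parse_entries(log_text: str) -> List[OtlFileEntry]:
    entries = [parse_file_line(line) for line in log_text.splitlines()]
    return [e for e in entries if e is not None]


def dangling_items(log_text: str) -> List[Tuple[str, str]]:
    """O-items whose target OTL could not resolve, as (class, text).

    These are stale registry references. In the thread the analyst put only
    the O3 and O28 hits into the fix script; every hit still needs a human decision."""
    found = []
    for raw in log_text.splitlines():
        m = OTL_ITEM.match(raw.strip())
        if m and any(marker in m[2] for marker in DANGLING_MARKERS):
            found.append((m[1], m[2]))
    return found


def unsigned_system_files(entries: List[OtlFileEntry], scan_time: datetime,
                          days: int = 30) -> List[OtlFileEntry]:
    """Files (not folders) created under the Windows directory within `days` of the
    scan that carry no company string. Triage heuristic only: the ComboFix helpers
    in the log above (PEV.exe, sed.exe, ...) trip it just like an unknown binary would."""
    window_start = scan_time - timedelta(days=days)
    return [
        e for e in entries
        if e.kind == "C" and not e.is_directory and not e.company
        and e.path.lower().startswith("c:\\windows\\")
        and window_start <= e.timestamp <= scan_time
    ]


if __name__ == "__main__":
    for cls, text in dangling_items(SAMPLE_LOG):
        print(f"dangling {cls}: {text}")
    for e in unsigned_system_files(parse_entries(SAMPLE_LOG), SCAN_TIME):
        print(f"review: {e.path} ({e.size} bytes, created {e.timestamp})")
```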
     
  14. 2011/03/10
    corbyboy

    corbyboy Inactive Thread Starter

    Joined:
    2011/03/08
    Messages:
    10
    Likes Received:
    0
    Hopefully I haven't jumped the gun, but I have updated the software mentioned in the Security Check report.

    I then ran the scan again and here is the result:

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 8.2.6
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Empowering Technology eSettings Service capuserv.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
     
  15. 2011/03/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine.

    You posted an incorrect OTL log. I suspect you clicked on the "Scan" button instead of the "Fix" button.
    Please post a new log.

    ===============================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ===============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  16. 2011/03/10
    corbyboy

    corbyboy Inactive Thread Starter

    Joined:
    2011/03/08
    Messages:
    10
    Likes Received:
    0
    Here is the OTL log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Chris
    ->Temp folder emptied: 13236035 bytes
    ->Temporary Internet Files folder emptied: 3319325 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 94244293 bytes
    ->Flash cache emptied: 2721 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 554470 bytes
    RecycleBin emptied: 523200739 bytes

    Total Files Cleaned = 605.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Chris
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03102011_212635

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Thanks a lot for your help. It has been invaluable. Thanks a lot for the tips to keep my computer running smoothly too. I would like to do something to show my appreciation. I saw your signature, but are you sure I can't send you some money just to say thanks? If you prefer, I could make a donation to this site.
     
  17. 2011/03/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Good luck and stay safe :)
     
