TechSpot

Annoying google redirect virus

By credendum
Nov 30, 2010
  1. Hey guys. I seem to have the same problem as a lot of people these days. Got a hold of a Google redirect virus that is driving me nuts. I managed to get my old laptop running, but that was after I took some steps on my own (probably hurting things. :( )

    As of right now here is what is going on.

    My new laptop redirects whenever I use Google with Firefox. I did not try IE or Chrome, or any other search engines for that matter. As soon as I noted the redirect, I disconnected the wireless and restored the laptop to factory settings (I've only had it for a couple of weeks). I didn't know if that would help, but I went for it. It restored from the hidden image, as the laptop did not come with any restore discs.

    Along with the redirect came a great slowdown, and when the restore completed it was still acting a little laggy. The searches worked fine for a little bit, but then the same problem jumped up. I've been reading up on steps to clean my system, but I didn't think relying on threads for other people would be good for me to do. I've run the latest Malwarebytes, but it doesn't notice anything. I've also reset my router to factory settings without any effect.

    Edit: I looked back over and saw the 8-steps sticky. Went ahead and followed those steps.

    Avira Scan----------------
    Avira AntiVir Personal
    Report file date: Tuesday, November 30, 2010 00:47

    Scanning for 3104283 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows 7 x64
    Windows version : (plain) [6.1.7600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : MIKE-PC

    Version information:
    BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
    AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 22:09:56
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 22:10:00
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 02:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 23:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 18:29:03
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 22:10:03
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 22:10:04
    VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 22:10:06
    VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 06:42:51
    VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 06:42:56
    VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 06:42:57
    VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 06:42:57
    VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 06:42:57
    VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 06:42:58
    VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 06:42:59
    VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 06:43:00
    VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 06:43:02
    VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 06:43:02
    VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 06:43:03
    VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 06:43:04
    VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 06:43:05
    VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 06:43:06
    VBASE022.VDF : 7.10.14.116 140800 Bytes 11/26/2010 06:43:07
    VBASE023.VDF : 7.10.14.117 2048 Bytes 11/26/2010 06:43:07
    VBASE024.VDF : 7.10.14.118 2048 Bytes 11/26/2010 06:43:07
    VBASE025.VDF : 7.10.14.119 2048 Bytes 11/26/2010 06:43:08
    VBASE026.VDF : 7.10.14.120 2048 Bytes 11/26/2010 06:43:08
    VBASE027.VDF : 7.10.14.121 2048 Bytes 11/26/2010 06:43:08
    VBASE028.VDF : 7.10.14.122 2048 Bytes 11/26/2010 06:43:08
    VBASE029.VDF : 7.10.14.123 2048 Bytes 11/26/2010 06:43:08
    VBASE030.VDF : 7.10.14.124 2048 Bytes 11/26/2010 06:43:08
    VBASE031.VDF : 7.10.14.136 103936 Bytes 11/29/2010 06:43:09
    Engineversion : 8.2.4.114
    AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 22:09:54
    AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 11/30/2010 06:43:28
    AESCN.DLL : 8.1.7.2 127349 Bytes 11/30/2010 06:43:26
    AESBX.DLL : 8.1.3.2 254324 Bytes 11/30/2010 06:43:29
    AERDL.DLL : 8.1.9.2 635252 Bytes 11/30/2010 06:43:25
    AEPACK.DLL : 8.2.3.11 471416 Bytes 11/30/2010 06:43:24
    AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/30/2010 06:43:22
    AEHEUR.DLL : 8.1.2.46 3088759 Bytes 11/30/2010 06:43:22
    AEHELP.DLL : 8.1.15.0 246135 Bytes 11/30/2010 06:43:17
    AEGEN.DLL : 8.1.4.2 401781 Bytes 11/30/2010 06:43:16
    AEEMU.DLL : 8.1.3.0 393589 Bytes 11/30/2010 06:43:14
    AECORE.DLL : 8.1.18.1 196984 Bytes 11/30/2010 06:43:13
    AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 22:09:48
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 22:09:56
    AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 22:09:55
    AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 21:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 22:09:55
    AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 22:09:56
    AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 22:09:54
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 22:09:55
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 22:09:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 22:10:08

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Tuesday, November 30, 2010 00:47

    Starting search for hidden objects.
    c:\program files\acer\acer updater\sd.exe
    c:\Program Files\Acer\Acer Updater\SD.exe
    [NOTE] The process is not visible.
    c:\program files\acer\acer updater\sd.exe
    c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe
    c:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    [NOTE] The process is not visible.
    c:\program files\acer\acer epower management\setapm.exe
    c:\Program Files\Acer\Acer ePower Management\SetAPM.exe
    [NOTE] The process is not visible.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '94' Module(s) have been scanned
    Scan process 'avscan.exe' - '38' Module(s) have been scanned
    Scan process 'avcenter.exe' - '78' Module(s) have been scanned
    Scan process 'avgnt.exe' - '64' Module(s) have been scanned
    Scan process 'sched.exe' - '54' Module(s) have been scanned
    Scan process 'avguard.exe' - '73' Module(s) have been scanned
    Scan process 'NOTEPAD.EXE' - '34' Module(s) have been scanned
    Scan process 'firefox.exe' - '120' Module(s) have been scanned
    Scan process 'firefox.exe' - '59' Module(s) have been scanned
    Scan process 'UNS.exe' - '58' Module(s) have been scanned
    Scan process 'IAStorDataMgrSvc.exe' - '52' Module(s) have been scanned
    Scan process 'LMworker.exe' - '32' Module(s) have been scanned
    Scan process 'ArcadeMovieService.exe' - '50' Module(s) have been scanned
    Scan process 'LManager.exe' - '77' Module(s) have been scanned
    Scan process 'BackupManagerTray.exe' - '41' Module(s) have been scanned
    Scan process 'UpdaterService.exe' - '32' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '31' Module(s) have been scanned
    Scan process 'SchedulerSvc.exe' - '44' Module(s) have been scanned
    Scan process 'IScheduleSvc.exe' - '62' Module(s) have been scanned
    Scan process 'rundll32.exe' - '38' Module(s) have been scanned
    Scan process 'LMS.exe' - '35' Module(s) have been scanned
    Scan process 'GREGsvc.exe' - '27' Module(s) have been scanned
    Scan process 'dsiwmis.exe' - '47' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [DETECTION] Contains code of the BOO/Alureon.A boot sector virus
    [NOTE] The boot sector was not written!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [DETECTION] Contains code of the BOO/Alureon.A boot sector virus
    [NOTE] The boot sector was not written!

    Starting to scan executable files (registry).

    The registry was scanned ( '89' files ).


    Starting the file scan:

    Begin scan in 'C:\' <Acer>


    End of the scan: Tuesday, November 30, 2010 01:15
    Used time: 28:13 Minute(s)

    The scan has been done completely.

    20531 Scanned directories
    426040 Files were scanned
    2 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    426040 Files not concerned
    2564 Archives were scanned
    0 Warnings
    2 Notes
    439140 Objects were scanned with rootkit scan
    4 Hidden objects were found

    MBAM-------------------------------------------------------
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/30/2010 1:23:09 AM
    mbam-log-2010-11-30 (01-23-09).txt

    Scan type: Quick scan
    Objects scanned: 146390
    Time elapsed: 1 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Gmer----------------------------------------
    Let it do a quick scan and saved the log, but there was nothing in the file. I can do a full scan later if requested, maybe?

    DDS-----------------------------------------

    DDS (Ver_10-11-27.01) - NTFS_AMD64
    Run by Mike at 1:27:08.42 on Tue 11/30/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2590 [GMT -6:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Mike\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
    mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    mRun-x64: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
    mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\tl1vn61l.default\
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-30 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-30 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-11-30 81584]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-3 321104]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-11-29 868896]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-3 13336]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-16 144640]
    R2 ODDPwrSvc;Acer ODD Power Service;C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-8-3 171040]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-29 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-3 243232]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-3 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-3 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-3 271872]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-3 76400]
    S2 0297431291090157mcinstcleanup;McAfee Application Installer Cleanup (0297431291090157);C:\Users\Mike\AppData\Local\Temp\029743~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Users\Mike\AppData\Local\Temp\029743~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-9 40448]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-16 50432]

    =============== Created Last 30 ================

    2010-11-30 07:05:15 709456 ----a-w- C:\Windows\isRS-000.tmp
    2010-11-30 06:46:51 -------- d-----w- C:\Users\Mike\AppData\Roaming\Avira
    2010-11-30 06:41:51 81584 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2010-11-30 06:41:51 -------- d-----w- C:\Program Files (x86)\Avira
    2010-11-30 06:41:51 -------- d-----w- C:\PROGRA~3\Avira
    2010-11-30 04:49:43 -------- d-----w- C:\Users\Mike\AppData\Local\AOL
    2010-11-30 04:49:43 -------- d-----w- C:\Users\Mike\AppData\Local\AIM
    2010-11-30 04:45:37 -------- d-----w- C:\PROGRA~3\AIM
    2010-11-30 04:45:32 -------- d-----w- C:\Program Files (x86)\AIM
    2010-11-30 04:45:27 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
    2010-11-30 04:45:23 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
    2010-11-30 04:26:20 -------- d-----w- C:\Users\Mike\AppData\Local\Microsoft Games
    2010-11-30 04:24:37 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{6DC46CEA-6696-4E71-A717-A2F7BB764522}\mpengine.dll
    2010-11-30 04:24:36 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-11-30 04:20:57 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
    2010-11-30 04:20:42 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-30 04:20:41 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-30 04:20:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-30 04:20:41 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-30 04:10:11 -------- d-----w- C:\Program Files (x86)\Launch Manager
    2010-11-30 04:08:34 -------- d---a-w- C:\book
    2010-11-30 04:04:46 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
    2010-11-30 04:01:34 -------- d-----w- C:\Program Files\Common Files\Intel
    2010-11-30 04:01:33 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
    2010-11-30 03:56:08 -------- d-----w- C:\Windows\NAPP_Dism_Log
    2010-11-30 02:55:37 -------- d-----w- C:\PROGRA~3\boost_interprocess
    2010-11-30 02:45:22 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
    2010-11-30 02:45:22 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
    2010-11-30 02:45:22 1233920 ----a-w- C:\Windows\SysWow64\msxml4.dll
    2010-11-30 02:44:59 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2010-11-30 02:44:59 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2010-11-30 02:44:59 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2010-11-30 02:44:59 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2010-11-30 02:44:59 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2010-11-30 02:43:31 -------- d-----w- C:\Users\Mike\AppData\Local\Cyberlink
    2010-11-30 02:42:29 -------- d-----w- C:\Program Files (x86)\Acer Arcade Deluxe
    2010-11-30 02:40:53 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2010-11-30 02:40:53 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2010-11-30 02:40:41 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2010-11-30 02:40:02 -------- d-----w- C:\Program Files (x86)\Microsoft
    2010-11-30 02:39:36 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
    2010-11-30 02:39:10 -------- d-----w- C:\Windows\PCHEALTH
    2010-11-30 02:38:58 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd851d6a1cb9037\DSETUP.dll
    2010-11-30 02:38:58 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd851d6a1cb9037\DXSETUP.exe
    2010-11-30 02:38:58 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd851d6a1cb9037\dsetup32.dll
    2010-11-30 02:38:22 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc7215.tmp
    2010-11-30 02:38:17 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2010-11-30 02:31:39 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
    2010-11-30 02:30:47 -------- d-----w- C:\Users\Mike\AppData\Roaming\Liteon
    2010-11-30 02:30:47 -------- d-----w- C:\Program Files (x86)\Acer Crystal Eye webcam
    2010-11-30 02:29:47 -------- d-----w- C:\Users\Mike\AppData\Roaming\Intel Corporation
    2010-11-30 02:29:47 -------- d-----w- C:\Program Files\Synaptics
    2010-11-30 02:25:01 -------- d-----w- C:\Users\Mike\AppData\Local\EgisTec IPS
    2010-11-30 02:23:18 -------- d-----w- C:\Users\Mike\AppData\Local\VirtualStore
    2010-11-30 02:21:49 -------- d-sh--w- C:\Recovery

    ==================== Find3M ====================


    ============= FINISH: 1:28:00.98 ===============

    DDS Attach-----------------------------------------------------------

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/29/2010 8:22:02 PM
    System Uptime: 11/30/2010 1:17:39 AM (0 hours ago)

    Motherboard: Acer | | ZR7
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 583 GiB total, 554.524 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 11/29/2010 8:34:54 PM - Installed Acer ePower Management
    RP2: 11/29/2010 8:36:53 PM - Installed Microsoft Office 2010
    RP3: 11/29/2010 8:40:44 PM - Installed DirectX
    RP4: 11/29/2010 8:42:15 PM - Installed Suite
    RP5: 11/29/2010 10:24:15 PM - Windows Update
    RP6: 11/29/2010 10:29:23 PM - Removed MyWinLocker Suite
    RP7: 11/29/2010 10:44:27 PM - Removed Norton Online Backup

    ==== Installed Programs ======================

    18 Wheels of Steel - American Long Haul
    Acer Arcade Deluxe
    Acer Arcade Movie
    Acer Backup Manager
    Acer Crystal Eye webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Game Console
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1 MUI
    Agatha Christie - Death on the Nile
    AIM 7
    Alcor Micro USB Card Reader
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Avira AntiVir Personal - Free Antivirus
    Backup Manager Basic
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Build-a-lot 2
    Chuzzle Deluxe
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Download Updater (AOL LLC)
    eSobi v2
    FATE
    Identity Card
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Jewel Quest - Heritage
    Jewel Quest Solitaire 2
    John Deere Drive Green
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware
    MediaShow Espresso
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.12)
    MSVCRT
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    Optical Drive Power Management
    Penguins!
    Plants vs. Zombies
    Polar Bowler
    Polar Golfer
    Realtek High Definition Audio Driver
    Virtual Villagers 4 - The Tree of Life
    Welcome Center
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Zuma's Revenge

    ==== Event Viewer Messages From Past Week ========

    11/30/2010 12:42:18 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    11/30/2010 1:20:29 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    11/30/2010 1:18:52 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{873743D8-7D7C-4D29-9A11-B0EB87BE8DD5} because another computer on the network has the same name. The server could not start.
    11/30/2010 1:18:52 AM, Error: NetBT [4321] - The name "MIKE-PC :20" could not be registered on the interface with IP address 192.168.2.3. The computer with the IP address 192.168.2.2 did not allow the name to be claimed by this computer.
    11/30/2010 1:18:23 AM, Error: NetBT [4321] - The name "MIKE-PC :0" could not be registered on the interface with IP address 192.168.2.3. The computer with the IP address 192.168.2.2 did not allow the name to be claimed by this computer.
    11/30/2010 1:16:37 AM, Error: Service Control Manager [7034] - The Dritek WMI Service service terminated unexpectedly. It has done this 1 time(s).
    11/29/2010 10:49:35 PM, Error: NetBT [4321] - The name "MIKE-PC :0" could not be registered on the interface with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not allow the name to be claimed by this computer.
    11/29/2010 10:05:38 PM, Error: NetBT [4321] - The name "MIKE-PC :20" could not be registered on the interface with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not allow the name to be claimed by this computer.
    11/29/2010 10:01:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Acer ODD Power Service service to connect.
    11/29/2010 10:01:18 PM, Error: Service Control Manager [7000] - The Acer ODD Power Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
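The Avira log above flags boot-sector code in the MBR and in the C: boot sector. The script below is an added example, not part of this thread or of any tool mentioned in it: it shows the defender-side check an MBR-checking utility performs, hashing only the 440-byte boot-code region, comparing it with a trusted baseline, and sanity-checking the partition table. Every MBR image in it is constructed test data (a stand-in for a Windows 7 layout); nothing reads a real disk.

```python
"""Offline MBR integrity check: hash the boot code, compare it with a trusted
baseline, and sanity-check the partition table.  All MBR images below are
constructed test data; no real disk is read.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code, the part a bootkit replaces
DISK_SIG_OFF = 440       # 4-byte disk signature + 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA


def parse_partitions(mbr):
    """Decode the four classic partition entries; empty slots are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack(
            "<B3xB3xII", mbr[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "status": status, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts


def boot_code_hash(mbr):
    """SHA-256 of the boot-code region only (partition table excluded)."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr, trusted_hashes):
    """Return {'ok': bool, 'findings': [...], 'partitions': [...], 'sha256': str}.
    A bootkit typically keeps the partition table and 0x55AA intact and swaps
    only the boot code, so the hash comparison is the decisive check."""
    findings = []
    if len(mbr) != SECTOR:
        return {"ok": False, "findings": ["image is not 512 bytes"],
                "partitions": [], "sha256": None}
    if mbr[BOOT_SIG_OFF:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one partition marked active")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
        if p["sectors"] == 0:
            findings.append("partition %d has zero length" % p["index"])
    digest = boot_code_hash(mbr)
    if digest not in trusted_hashes:
        findings.append("boot code SHA-256 %s... not in trusted baseline"
                        % digest[:16])
    return {"ok": not findings, "findings": findings,
            "partitions": parts, "sha256": digest}


def build_mbr(boot_code, partitions, disk_sig=b"\x12\x34\x56\x78"):
    """Assemble a 512-byte MBR image from constructed parts (test data)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack("<B3sB3sII", status, b"\xfe\xff\xff",
                                 ptype, b"\xfe\xff\xff", lba, sectors)
                     for status, ptype, lba, sectors in partitions)
    table = table.ljust(64, b"\x00")
    return code + disk_sig + b"\x00\x00" + table + b"\x55\xaa"


# Constructed Windows-7-style layout: active 100 MiB system partition + OS.
LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1_000_000)]
# Stand-in for known-good boot code (constructed bytes, not real loader code).
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"CONSTRUCTED CLEAN BOOT CODE"
CLEAN_MBR = build_mbr(CLEAN_CODE, LAYOUT)
# Baseline the defender trusts: the hash taken while the disk was known good
# (here simply computed from the constructed clean image).
TRUSTED = {boot_code_hash(CLEAN_MBR)}
# Same partition table and 0x55AA, but the boot code has been replaced: the
# shape of what the Avira log reported for the MBR (constructed, inert bytes).
ALTERED_MBR = build_mbr(b"\xeb\x3c" + b"CONSTRUCTED REPLACED BOOT CODE", LAYOUT)
# Clean code with the boot signature stripped, to exercise the structural checks.
NO_SIG_MBR = CLEAN_MBR[:BOOT_SIG_OFF] + b"\x00\x00"


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("altered", ALTERED_MBR),
                        ("no-signature", NO_SIG_MBR)):
        result = check_mbr(image, TRUSTED)
        print(name, "OK" if result["ok"] else "SUSPECT", result["findings"])
```

On a real machine the 512-byte image would come from a raw read of the first sector and the baseline from a vendor-published or previously recorded hash; an unexpected hash with an otherwise intact partition table is exactly the pattern worth escalating.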
  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  3. credendum

    credendum TS Rookie Topic Starter

    I noticed that there is a connection being made to sensic.net every couple of seconds as I'm typing this, along with something starting with a "ping." It flashes by so I can't read it. Anywho.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: INSYDE
    System Manufacturer: Acer
    System Product Name: Aspire 5745
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 185):
    0x02C4D000 \SystemRoot\system32\ntoskrnl.exe
    0x02C04000 \SystemRoot\system32\hal.dll
    0x00B97000 \SystemRoot\system32\kdcom.dll
    0x00CF1000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D35000 \SystemRoot\system32\PSHED.dll
    0x00D49000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00E52000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00EF6000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F05000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F5C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F65000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F6F000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00FA2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00FAF000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FC4000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00FCD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00FD9000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x01014000 \SystemRoot\System32\drivers\volmgrx.sys
    0x01070000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01222000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x0142C000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x01435000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x0145F000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x0146A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x014B6000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01603000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x014CA000 \SystemRoot\System32\Drivers\msrpc.sys
    0x017A6000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01528000 \SystemRoot\System32\Drivers\cng.sys
    0x017C0000 \SystemRoot\System32\drivers\pcw.sys
    0x017D1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0108A000 \SystemRoot\system32\drivers\ndis.sys
    0x0159B000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0117C000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01803000 \SystemRoot\System32\drivers\tcpip.sys
    0x011A7000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x017DB000 \SystemRoot\system32\DRIVERS\wd.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017E3000 \SystemRoot\System32\Drivers\spldr.sys
    0x00DA7000 \SystemRoot\System32\drivers\rdyboost.sys
    0x017EB000 \SystemRoot\System32\Drivers\mup.sys
    0x01200000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01AB8000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01AF2000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01B08000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x04236000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x04260000 \SystemRoot\System32\Drivers\Null.SYS
    0x04269000 \SystemRoot\System32\Drivers\Beep.SYS
    0x04270000 \SystemRoot\System32\drivers\vga.sys
    0x0427E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x042A3000 \SystemRoot\System32\drivers\watchdog.sys
    0x042B3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x042BC000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x042C5000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x042CE000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x042D9000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x042EA000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04308000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x04315000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x0435A000 \SystemRoot\system32\drivers\afd.sys
    0x043E4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x01B46000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x04000000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x043ED000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x01B6C000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x01B87000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x01B9B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x01BEC000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x01A00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x01A0B000 \SystemRoot\System32\drivers\discache.sys
    0x01A1A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x01A38000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x01A49000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x01A6B000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04A02000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x02E43000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x02F37000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x02F7D000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x02F8E000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02F9F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02E00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02E24000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x0447D000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x046A3000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x046B0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x046CE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x046DD000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x04730000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04732000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04741000 \??\C:\Windows\system32\drivers\UBHelper.sys
    0x04749000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
    0x04751000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x04778000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x04781000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x04786000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x0479C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x047AC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x047C2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x047E6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0442F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0444A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x053DC000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0446B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0549C000 \SystemRoot\system32\DRIVERS\ks.sys
    0x054DF000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x054F1000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0554B000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05EE8000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x06131000 \SystemRoot\system32\drivers\portcls.sys
    0x0616E000 \SystemRoot\system32\drivers\drmk.sys
    0x06190000 \SystemRoot\system32\drivers\ksthunk.sys
    0x06196000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
    0x061DD000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04016000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x061EB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x000B0000 \SystemRoot\System32\win32k.sys
    0x05E00000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05E0C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05E29000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x05E57000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05E65000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05E7E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05E87000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05E94000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x004F0000 \SystemRoot\System32\TSDDD.dll
    0x007A0000 \SystemRoot\System32\cdd.dll
    0x05EA2000 \SystemRoot\system32\drivers\luafv.sys
    0x05560000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x05575000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x055C8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x055DB000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02AC6000 \SystemRoot\system32\drivers\HTTP.sys
    0x02B8E000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02BAC000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02BC4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07418000 \SystemRoot\system32\drivers\peauth.sys
    0x074BE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x074C9000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x074F6000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07508000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x05400000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07571000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x77260000 \Windows\System32\ntdll.dll
    0x47D00000 \Windows\System32\smss.exe
    0xFF580000 \Windows\System32\apisetschema.dll
    0xFF7A0000 \Windows\System32\autochk.exe
    0xFF500000 \Windows\System32\gdi32.dll
    0xFF4F0000 \Windows\System32\lpk.dll
    0xFF450000 \Windows\System32\clbcatq.dll
    0xFF430000 \Windows\System32\sechost.dll
    0xFF350000 \Windows\System32\advapi32.dll
    0xFE5C0000 \Windows\System32\shell32.dll
    0xFE3B0000 \Windows\System32\ole32.dll
    0xFE280000 \Windows\System32\rpcrt4.dll
    0xFE020000 \Windows\System32\iertutil.dll
    0xFDFD0000 \Windows\System32\Wldap32.dll
    0xFDEA0000 \Windows\System32\wininet.dll
    0x77430000 \Windows\System32\psapi.dll
    0xFDDC0000 \Windows\System32\oleaut32.dll
    0xFDDA0000 \Windows\System32\imagehlp.dll
    0x77160000 \Windows\System32\user32.dll
    0xFDD70000 \Windows\System32\imm32.dll
    0xFDCD0000 \Windows\System32\comdlg32.dll
    0xFDC80000 \Windows\System32\ws2_32.dll
    0xFDBE0000 \Windows\System32\msvcrt.dll
    0x77420000 \Windows\System32\normaliz.dll
    0xFDA60000 \Windows\System32\urlmon.dll
    0xFDA50000 \Windows\System32\nsi.dll
    0xFD9D0000 \Windows\System32\difxapi.dll
    0xFD950000 \Windows\System32\shlwapi.dll
    0xFD880000 \Windows\System32\usp10.dll
    0x77040000 \Windows\System32\kernel32.dll
    0xFD6A0000 \Windows\System32\setupapi.dll
    0xFD590000 \Windows\System32\msctf.dll
    0xFD570000 \Windows\System32\devobj.dll
    0xFD530000 \Windows\System32\cfgmgr32.dll
    0xFD4C0000 \Windows\System32\KernelBase.dll
    0xFD480000 \Windows\System32\wintrust.dll
    0xFD310000 \Windows\System32\crypt32.dll
    0xFD270000 \Windows\System32\comctl32.dll
    0xFD260000 \Windows\System32\msasn1.dll

    Processes (total 74):
    0 System Idle Process
    4 System
    312 C:\Windows\System32\smss.exe
    444 csrss.exe
    508 C:\Windows\System32\wininit.exe
    528 csrss.exe
    576 C:\Windows\System32\services.exe
    600 C:\Windows\System32\lsass.exe
    608 C:\Windows\System32\lsm.exe
    632 C:\Windows\System32\winlogon.exe
    780 C:\Windows\System32\svchost.exe
    904 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    120 C:\Windows\System32\svchost.exe
    448 C:\Windows\System32\svchost.exe
    788 C:\Windows\System32\audiodg.exe
    740 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\svchost.exe
    1308 C:\Windows\System32\spoolsv.exe
    1372 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1412 C:\Windows\System32\svchost.exe
    1724 C:\Windows\System32\taskhost.exe
    1836 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    1908 C:\Windows\System32\dwm.exe
    1936 C:\Windows\explorer.exe
    2000 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    1184 C:\Windows\System32\svchost.exe
    1028 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    1584 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    1792 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    1776 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    1040 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    1344 C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
    1060 C:\Windows\System32\igfxtray.exe
    1876 C:\Windows\System32\hkcmd.exe
    1944 C:\Windows\System32\igfxpers.exe
    1736 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1476 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    2120 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    2592 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    2600 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    2608 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    2624 C:\Program Files (x86)\Launch Manager\LManager.exe
    2680 C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
    2708 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    2752 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2896 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2964 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    3020 C:\Program Files (x86)\Launch Manager\LMworker.exe
    3044 C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    2172 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    2100 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    1404 C:\Windows\System32\wbem\unsecapp.exe
    2152 WmiPrvSE.exe
    2736 C:\Windows\System32\igfxext.exe
    2812 C:\Windows\System32\igfxsrvc.exe
    3144 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    3368 C:\Windows\System32\SearchIndexer.exe
    3788 C:\Windows\System32\SearchProtocolHost.exe
    3888 C:\Windows\System32\SearchFilterHost.exe
    4056 C:\Windows\System32\svchost.exe
    2576 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1864 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1176 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    3876 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    2560 C:\Windows\System32\conhost.exe
    4008 taskhost.exe
    4572 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    4704 <unknown>
    4752 C:\Windows\System32\sppsvc.exe
    4800 dllhost.exe
    4856 C:\Users\Mike\Downloads\MBRCheck.exe
    4868 C:\Windows\System32\conhost.exe
    4936 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD6400BEVT-22A0RT0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/01/2010 at 04:38 AM

    Application Version : 4.46.1000

    Core Rules Database Version : 5934
    Trace Rules Database Version: 3746

    Scan type : Complete Scan
    Total Scan Time : 00:27:15

    Memory items scanned : 315
    Memory threats detected : 0
    Registry items scanned : 11115
    Registry threats detected : 0
    File items scanned : 94605
    File threats detected : 0


    Btw thanks for the help. I'd say it's driving me insane but honestly I don't use the computer anymore... just use it as a paperweight for the moment.
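    The MBRCheck report above is what a responder works from, so here is a small triage helper that parses that drive table, pulls out each physical drive's MBR status and SHA1, and decides whether a later report actually shows the repair took. This is an added example, not code from the thread or from MBRCheck itself; it assumes the "Size / Device Name / MBR Status" layout shown in the post, and the clean-report wording and hash in `SAMPLE_CLEAN` are constructed placeholders, not values from the thread.

```python
"""Triage helper for MBRCheck reports: pull each drive's MBR status and hash
out of the report text and decide whether the MBR needs attention.

Added example, not part of the thread or of MBRCheck itself.  Assumes the
"Size / Device Name / MBR Status" table layout shown in the thread; the
clean-report wording and hash below are constructed placeholders.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the drive table from the thread's first MBRCheck run.
SAMPLE_INFECTED = r"""
PhysicalDrive0 Model Number: WDCWD6400BEVT-22A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
"""

# Constructed sample of a post-repair report.  The status wording and the
# hash are assumptions for illustration, not values taken from the thread.
SAMPLE_CLEAN = r"""
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 0123456789ABCDEF0123456789ABCDEF01234567

Done!
"""

# One row of the drive table: "<size> <device> <status>".
DRIVE_LINE = re.compile(
    r"^(?P<size>\d+\s+[KMGT]B)\s+(?P<device>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+?)\s*$"
)
SHA1_LINE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})\s*$")
# Only an explicit "... MBR code detected" verdict is treated as standard.
STANDARD_STATUS = re.compile(r"MBR code detected$", re.IGNORECASE)


@dataclass
class DriveStatus:
    size: str
    device: str
    status: str
    sha1: Optional[str] = None

    @property
    def suspicious(self) -> bool:
        """Fail closed: anything other than a recognised standard MBR is flagged."""
        return STANDARD_STATUS.search(self.status) is None


def parse_mbrcheck(report: str) -> List[DriveStatus]:
    """Extract one DriveStatus per physical drive listed in the report."""
    drives: List[DriveStatus] = []
    for raw in report.splitlines():
        line = raw.strip()
        row = DRIVE_LINE.match(line)
        if row:
            drives.append(DriveStatus(row["size"], row["device"], row["status"]))
            continue
        digest = SHA1_LINE.match(line)
        # The SHA1 line directly follows the drive row it belongs to.
        if digest and drives and drives[-1].sha1 is None:
            drives[-1].sha1 = digest.group(1).upper()
    return drives


def flagged_devices(report: str) -> List[str]:
    """Devices whose MBR status is not a recognised standard Windows MBR."""
    return [d.device for d in parse_mbrcheck(report) if d.suspicious]


def fix_verified(before: str, after: str) -> bool:
    """True when every drive from the 'before' report is standard in 'after'
    and each previously flagged drive now carries a different MBR hash."""
    old = {d.device: d for d in parse_mbrcheck(before)}
    new = {d.device: d for d in parse_mbrcheck(after)}
    if not old or not new:
        return False
    for device, prev in old.items():
        cur = new.get(device)
        if cur is None or cur.suspicious:
            return False
        if prev.suspicious and prev.sha1 and cur.sha1 and prev.sha1 == cur.sha1:
            return False  # verdict changed but the MBR bytes did not: do not trust it
    return True


if __name__ == "__main__":
    for d in parse_mbrcheck(SAMPLE_INFECTED):
        print(f"{d.device}: {d.status} (SHA1 {d.sha1}) suspicious={d.suspicious}")
    print("fix verified:", fix_verified(SAMPLE_INFECTED, SAMPLE_CLEAN))
```

    Running it against the infected sample flags `\\.\PhysicalDrive0` with status "MBR Code Faked!"; `fix_verified` only reports success when the follow-up report shows a standard verdict and a changed SHA1, which is the check worth doing after any `bootrec /FixMbr` run rather than trusting the status text alone.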
     
  4. credendum

    credendum TS Rookie Topic Starter

    I quick replied but I don't see it here...odd.

    Edit-- Sorry, I didn't notice the message that popped up stating the post has to be approved first. :/ In that case there should be two posts on the way.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    We'll start with fixing your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  6. credendum

    credendum TS Rookie Topic Starter

    Tried following directions but after selecting language it states:
    Cant open cd driver CDRCACH SHSUCDX cant install.
    Error: Failure loading: Unable to find CD-ROM drive

    Then it says to reboot

    Edit- Tried the whole process over again, thinking I might have messed up somewhere, and I even made a new CD-R but the same error popped up.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    That's fine. It happens sometimes.
    We'll use a different method...

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer:
    (screenshot)

    Windows 7 users. At first screen click on Install now:
    (screenshot)
    Select your language and click next:
    (screenshot)
    Click the button for "Use recovery tools":
    (screenshot)

    The following applies to both Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    (screenshot)
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    (screenshot)
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
     
  8. credendum

    credendum TS Rookie Topic Starter

    Ooook it took me a bit to get things going but the Windows 7 repair disc worked fine. MBRCheck no longer says infected (woo!). Redirect seems to have stopped, as well as the slow down.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: INSYDE
    System Manufacturer: Acer
    System Product Name: Aspire 5745
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 185):
    0x02C1F000 \SystemRoot\system32\ntoskrnl.exe
    0x031FB000 \SystemRoot\system32\hal.dll
    0x00BD2000 \SystemRoot\system32\kdcom.dll
    0x00CC9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D0D000 \SystemRoot\system32\PSHED.dll
    0x00D21000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00EEB000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F8F000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F9E000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FF5000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00E00000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00E0A000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E3D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E4A000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E5F000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00E68000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00E74000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E89000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00D7F000 \SystemRoot\System32\drivers\mountmgr.sys
    0x010B3000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x012BD000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x012C6000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x012F0000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x012FB000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01347000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0144B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0135B000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01000000 \SystemRoot\System32\Drivers\cng.sys
    0x0141A000 \SystemRoot\System32\drivers\pcw.sys
    0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016AD000 \SystemRoot\system32\drivers\ndis.sys
    0x0179F000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01800000 \SystemRoot\System32\drivers\tcpip.sys
    0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01675000 \SystemRoot\system32\DRIVERS\wd.sys
    0x00D99000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0167D000 \SystemRoot\System32\Drivers\spldr.sys
    0x01073000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01685000 \SystemRoot\System32\Drivers\mup.sys
    0x01697000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x013B9000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01435000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01A7D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x04452000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x0447C000 \SystemRoot\System32\Drivers\Null.SYS
    0x04485000 \SystemRoot\System32\Drivers\Beep.SYS
    0x0448C000 \SystemRoot\System32\drivers\vga.sys
    0x0449A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x044BF000 \SystemRoot\System32\drivers\watchdog.sys
    0x044CF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x044D8000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x044E1000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x044EA000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x044F5000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x04506000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04524000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x04531000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x04576000 \SystemRoot\system32\drivers\afd.sys
    0x04200000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x04209000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x01ABB000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x01AD1000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x01AE0000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x01AFB000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x01B0F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x01B19000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x01B23000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x01B74000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x01B80000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x01B8B000 \SystemRoot\System32\drivers\discache.sys
    0x01B9A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x01BB8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x01BC9000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x01A00000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04A05000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x02E9C000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x02F90000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x02FD6000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x02FE7000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02E56000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02E7A000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x0582F000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x05A55000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x05A62000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x05A80000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x05A8F000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x05AE2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x05AE4000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x05AF3000 \??\C:\Windows\system32\drivers\UBHelper.sys
    0x05AFB000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
    0x05B03000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x05B2A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x05B33000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x05B38000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x05B4E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x05B5E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x05B74000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x05B98000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x05BA4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x05BD3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x05800000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x053DF000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x05821000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x01A26000 \SystemRoot\system32\DRIVERS\ks.sys
    0x05BEE000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04635000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0468F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05E6B000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x060B4000 \SystemRoot\system32\drivers\portcls.sys
    0x060F1000 \SystemRoot\system32\drivers\drmk.sys
    0x06113000 \SystemRoot\system32\drivers\ksthunk.sys
    0x06119000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
    0x00050000 \SystemRoot\System32\win32k.sys
    0x06160000 \SystemRoot\System32\drivers\Dxapi.sys
    0x0616C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x06189000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x061B7000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005B0000 \SystemRoot\System32\TSDDD.dll
    0x00690000 \SystemRoot\System32\cdd.dll
    0x05E00000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x05E54000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0422F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x061C5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x061D8000 \SystemRoot\system32\drivers\luafv.sys
    0x046A4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x046C1000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x046D6000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x04729000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0473C000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02A6D000 \SystemRoot\system32\drivers\HTTP.sys
    0x02B35000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02B53000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02B6B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02B98000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x04754000 \SystemRoot\system32\drivers\peauth.sys
    0x02A23000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x02A2E000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x02A5B000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0567D000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x056E6000 \SystemRoot\System32\DRIVERS\srv.sys
    0x77700000 \Windows\System32\ntdll.dll
    0x483C0000 \Windows\System32\smss.exe
    0xFFA20000 \Windows\System32\apisetschema.dll
    0xFFA70000 \Windows\System32\autochk.exe
    0x778D0000 \Windows\System32\normaliz.dll
    0xFF970000 \Windows\System32\comdlg32.dll
    0xFF840000 \Windows\System32\rpcrt4.dll
    0xFF770000 \Windows\System32\usp10.dll
    0xFF560000 \Windows\System32\ole32.dll
    0x778C0000 \Windows\System32\psapi.dll
    0xFF430000 \Windows\System32\wininet.dll
    0xFF350000 \Windows\System32\oleaut32.dll
    0xFF2D0000 \Windows\System32\shlwapi.dll
    0xFF260000 \Windows\System32\gdi32.dll
    0xFF080000 \Windows\System32\setupapi.dll
    0xFF060000 \Windows\System32\imagehlp.dll
    0xFF010000 \Windows\System32\Wldap32.dll
    0x77600000 \Windows\System32\user32.dll
    0x774E0000 \Windows\System32\kernel32.dll
    0xFEFC0000 \Windows\System32\ws2_32.dll
    0xFEFB0000 \Windows\System32\nsi.dll
    0xFEEA0000 \Windows\System32\msctf.dll
    0xFEE00000 \Windows\System32\clbcatq.dll
    0xFEDE0000 \Windows\System32\sechost.dll
    0xFEB80000 \Windows\System32\iertutil.dll
    0xFEA00000 \Windows\System32\urlmon.dll
    0xFE9D0000 \Windows\System32\imm32.dll
    0xFE9C0000 \Windows\System32\lpk.dll
    0xFE8E0000 \Windows\System32\advapi32.dll
    0xFE860000 \Windows\System32\difxapi.dll
    0xFE7C0000 \Windows\System32\msvcrt.dll
    0xFDA30000 \Windows\System32\shell32.dll
    0xFDA10000 \Windows\System32\devobj.dll
    0xFD9D0000 \Windows\System32\cfgmgr32.dll
    0xFD860000 \Windows\System32\crypt32.dll
    0xFD7C0000 \Windows\System32\comctl32.dll
    0xFD780000 \Windows\System32\wintrust.dll
    0xFD710000 \Windows\System32\KernelBase.dll
    0xFD700000 \Windows\System32\msasn1.dll
    0x75FC0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 74):
    0 System Idle Process
    4 System
    296 C:\Windows\System32\smss.exe
    432 csrss.exe
    504 csrss.exe
    512 C:\Windows\System32\wininit.exe
    568 C:\Windows\System32\services.exe
    576 C:\Windows\System32\lsass.exe
    600 C:\Windows\System32\lsm.exe
    612 C:\Windows\System32\winlogon.exe
    716 C:\Windows\System32\svchost.exe
    836 C:\Windows\System32\svchost.exe
    924 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    340 C:\Windows\System32\audiodg.exe
    428 C:\Windows\System32\svchost.exe
    336 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\spoolsv.exe
    1280 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1324 C:\Windows\System32\svchost.exe
    1492 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1528 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1592 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    1652 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    1680 C:\Windows\SysWOW64\svchost.exe
    1704 C:\Windows\System32\svchost.exe
    1728 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    1764 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    1800 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    1852 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    1904 C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    1956 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1964 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    1984 C:\Windows\System32\conhost.exe
    820 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    2056 WmiPrvSE.exe
    2152 C:\Windows\System32\taskhost.exe
    2212 C:\Windows\System32\dwm.exe
    2232 C:\Windows\explorer.exe
    2412 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2424 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    2432 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    2440 C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
    2464 C:\Windows\System32\igfxtray.exe
    2472 C:\Windows\System32\wbem\unsecapp.exe
    2496 C:\Windows\System32\hkcmd.exe
    2516 C:\Windows\System32\igfxpers.exe
    2676 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2696 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    2708 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    3036 WmiPrvSE.exe
    916 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    2180 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    1604 C:\Windows\System32\igfxsrvc.exe
    2120 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    3124 C:\Program Files (x86)\Launch Manager\LManager.exe
    3236 C:\Windows\System32\igfxext.exe
    3276 C:\Windows\System32\SearchIndexer.exe
    3328 C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
    3372 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    3408 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3640 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    3648 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3732 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3800 C:\Program Files (x86)\Launch Manager\LMworker.exe
    3808 C:\Windows\System32\SearchProtocolHost.exe
    3852 C:\Windows\System32\SearchFilterHost.exe
    3476 C:\Windows\System32\svchost.exe
    3196 dllhost.exe
    2816 dllhost.exe
    2736 dllhost.exe
    4052 C:\Users\Mike\Downloads\MBRCheck.exe
    2568 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD6400BEVT-22A0RT0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good news :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
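    An OTL quick scan produces hundreds of SRV/DRV lines, and the helper reading them is looking for a handful of signals: the binary is missing on disk ("File not found"), the file carries no company name ("()"), the timestamp is very recent relative to the log, or the same service name resolves to two different files under the native and WOW64 registry views. The Python below is an added example of pre-sorting a pasted log on those signals; it is not part of OTL or of this thread. It assumes the SRV/DRV line layout shown in the posted log, uses a 7-day "recent" window (an assumption), and its sample lines are copied from that log. The flags are prioritisation hints for a human, not a malware verdict: a freshly installed antivirus driver is also "recent".

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Layout of OTL "Win32 Services" / "Driver Services" lines, as seen in the posted log:
#   SRV[:64bit:] - [stamp | size | attrs | M] (Company) [Start | State] -- path -- (Name) [trailer]
#   SRV[:64bit:] - File not found [Start | State] -- path -- (Name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?P<native>:64bit:)? - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]+ \| [A-Z]\] "
    r"\((?P<company>[^)]*)\))"
    r" \[(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)(?: .*)?$"
)


@dataclass
class OtlEntry:
    kind: str                     # SRV (service) or DRV (driver)
    view: str                     # "64bit" = native registry view, "32bit" = WOW64 view
    name: str                     # service / driver name from the trailing parentheses
    path: str
    state: str
    company: Optional[str]        # None when OTL reported the file as missing
    modified: Optional[datetime]  # None when the file is missing
    flags: List[str] = field(default_factory=list)


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one SRV/DRV line; return None for any other OTL line type."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return OtlEntry(
        kind=m.group("kind"),
        view="64bit" if m.group("native") else "32bit",
        name=m.group("name"),
        path=m.group("path"),
        state=m.group("state"),
        company=None if missing else m.group("company"),
        modified=None if missing else datetime.strptime(m.group("stamp"), "%Y/%m/%d %H:%M:%S"),
    )


def triage(lines, log_date: datetime, recent_days: int = 7) -> List[OtlEntry]:
    """Parse every SRV/DRV line and attach review flags (hints, not verdicts)."""
    entries: List[OtlEntry] = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        if e.company is None:
            e.flags.append("file_not_found")   # registration points at a binary that is not on disk
        elif e.company == "":
            e.flags.append("no_company")       # no version-info company: worth a hash lookup
        # A timestamp after log_date also lands here, which is itself worth a look.
        if e.modified is not None and (log_date - e.modified) <= timedelta(days=recent_days):
            e.flags.append("recent")
        entries.append(e)
    # Same service name under both views resolves to different files (System32 vs SysWOW64):
    # compare the two before deciding either is benign.
    by_name = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)
    for group in by_name.values():
        if len({e.view for e in group}) > 1:
            for e in group:
                e.flags.append("dual_view")
    return entries


def flagged(entries: List[OtlEntry]) -> List[OtlEntry]:
    return [e for e in entries if e.flags]


# Sample lines copied from the OTL log posted in this thread (constructed test set).
SAMPLE = [
    r"SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)",
    r"SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)",
    r"SRV - [2010/12/01 04:50:13 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\FastUv32.dll -- (FastUserSwitchingCompatibility)",
    r"SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)",
    r"DRV:64bit: - [2010/12/01 04:01:19 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)",
]
LOG_DATE = datetime(2010, 12, 1, 21, 33, 4)   # the log's "OTL logfile created on" value

if __name__ == "__main__":
    for e in flagged(triage(SAMPLE, LOG_DATE)):
        print(f"{e.kind} {e.view:5} {e.name:32} {', '.join(e.flags):28} {e.path}")
```

Run it on a saved OTL.txt by feeding the file's lines to triage() with the date from the log header; entries carrying no flag still deserve a look, but the flagged ones are where to start.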
     
  10. credendum

    credendum TS Rookie Topic Starter

    Decided to attach the logs in the hopes that I do not have to keep begging Matthew to approve my posts. I hope that is ok.
     

    Attached Files:

  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    No, it's not.
    I'm receiving email notifications about your replies and, if your reply needs to be approved, I'll certainly do so as soon as I get there.
     
  12. credendum

    credendum TS Rookie Topic Starter

    Alllllright.

    OTL logfile created on: 12/1/2010 9:33:04 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Mike\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 583.07 Gb Total Space | 553.05 Gb Free Space | 94.85% Space Free | Partition Type: NTFS
    Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/01 21:32:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Downloads\OTL.exe
    PRC - [2010/10/27 00:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/06/28 16:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2010/06/28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2010/06/25 15:38:02 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
    PRC - [2010/06/22 00:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2010/06/22 00:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2010/06/22 00:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2010/04/16 18:51:32 | 000,144,640 | ---- | M] (NTI, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/02/03 00:19:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/02/03 00:19:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/01 21:32:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Downloads\OTL.exe
    MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)
    SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2010/04/22 11:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
    SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/12/01 04:50:13 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\FastUv32.dll -- (FastUserSwitchingCompatibility)
    SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/06/28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/06/22 00:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2010/04/16 18:51:32 | 000,144,640 | ---- | M] (NTI, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
    SRV - [2010/04/16 18:51:22 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
    SRV - [2010/04/03 17:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/02/03 00:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/02/03 00:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/12/01 04:01:19 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/08/02 16:10:08 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010/06/09 22:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2010/05/20 00:10:44 | 000,076,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/05/11 04:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/04/28 00:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2010/04/28 00:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2010/04/22 03:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/04/20 21:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/26 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/02/02 16:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 97 BD D7 44 90 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========



    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/29 22:18:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/29 22:45:30 | 000,000,000 | ---D | M]

    [2010/11/29 22:19:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
    [2010/11/29 22:19:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\tl1vn61l.default\extensions
    [2010/11/29 22:18:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/11/29 23:43:24 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
    O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 24.217.0.5 24.217.201.67 68.113.206.10
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\FastUv32.dll File not found
    NetSvcs: FastUserSwitchingCompatibility - C:\Windows\SysWOW64\FastUv32.dll ()

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/01 04:03:45 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
    [2010/12/01 04:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/12/01 04:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/12/01 04:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/11/30 00:46:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Avira
    [2010/11/30 00:41:51 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010/11/30 00:41:51 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/11/30 00:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/11/30 00:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2010/11/29 22:49:44 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\acccore
    [2010/11/29 22:49:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\AOL
    [2010/11/29 22:49:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\AIM
    [2010/11/29 22:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
    [2010/11/29 22:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
    [2010/11/29 22:45:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
    [2010/11/29 22:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
    [2010/11/29 22:26:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft Games
    [2010/11/29 22:20:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
    [2010/11/29 22:20:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/29 22:20:41 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/29 22:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/29 22:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/29 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Mozilla
    [2010/11/29 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Mozilla
    [2010/11/29 22:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2010/11/29 22:13:02 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Adobe
    [2010/11/29 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
    [2010/11/29 22:08:34 | 000,000,000 | ---D | C] -- C:\book
    [2010/11/29 22:08:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Google
    [2010/11/29 22:02:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010/11/29 22:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
    [2010/11/29 22:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
    [2010/11/29 21:58:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/11/29 21:56:08 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
    [2010/11/29 20:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2010/11/29 20:47:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Macromedia
    [2010/11/29 20:43:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Cyberlink
    [2010/11/29 20:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
    [2010/11/29 20:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe
    [2010/11/29 20:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
    [2010/11/29 20:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
    [2010/11/29 20:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2010/11/29 20:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2010/11/29 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2010/11/29 20:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2010/11/29 20:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2010/11/29 20:39:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/11/29 20:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2010/11/29 20:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2010/11/29 20:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
    [2010/11/29 20:30:47 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Liteon
    [2010/11/29 20:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Crystal Eye webcam
    [2010/11/29 20:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2010/11/29 20:29:47 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Intel Corporation
    [2010/11/29 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\EgisTec IPS
    [2010/11/29 20:24:02 | 000,000,000 | R--D | C] -- C:\Users\Mike\Searches
    [2010/11/29 20:24:02 | 000,000,000 | -H-D | C] -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2010/11/29 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Identities
    [2010/11/29 20:23:18 | 000,000,000 | R--D | C] -- C:\Users\Mike\Contacts
    [2010/11/29 20:23:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\VirtualStore
    [2010/11/29 20:22:13 | 000,000,000 | --SD | C] -- C:\Users\Mike\AppData\Roaming\Microsoft
    [2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Videos
    [2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Saved Games
    [2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Pictures
    [2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Music
    [2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Links
    [2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Favorites
    [2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Downloads
    [2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\My Documents
    [2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Desktop
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Temporary Internet Files
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Templates
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Start Menu
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\SendTo
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Recent
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\PrintHood
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\NetHood
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Videos
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Pictures
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Music
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\My Documents
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Local Settings
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\History
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Cookies
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Application Data
    [2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Application Data
    [2010/11/29 20:22:13 | 000,000,000 | -H-D | C] -- C:\Users\Mike\AppData
    [2010/11/29 20:22:13 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Temp
    [2010/11/29 20:22:13 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft
    [2010/11/29 20:22:13 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Media Center Programs
    [2010/11/29 20:21:49 | 000,000,000 | -HSD | C] -- C:\Recovery

    ========== Files - Modified Within 30 Days ==========

    [2010/12/01 21:04:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/01 21:04:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/01 21:01:40 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/01 21:01:40 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/01 21:01:40 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/01 20:56:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/01 20:55:38 | 2962,300,928 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/01 04:50:13 | 000,053,248 | ---- | M] () -- C:\Windows\SysWow64\FastUv32.dll
    [2010/12/01 04:03:34 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/12/01 04:01:19 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/11/30 00:42:05 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/29 23:49:51 | 000,000,355 | ---- | M] () -- C:\Users\Mike\Desktop\Computer - Shortcut.lnk
    [2010/11/29 23:43:24 | 000,000,797 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/11/29 22:49:43 | 000,000,362 | -H-- | M] () -- C:\IPH.PH
    [2010/11/29 22:45:36 | 000,001,941 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2010/11/29 22:45:36 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
    [2010/11/29 22:20:48 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/29 22:20:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2010/11/29 22:20:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2010/11/29 22:19:27 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
    [2010/11/29 22:18:54 | 000,001,967 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/29 22:18:54 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/29 22:12:35 | 000,001,441 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/29 22:10:16 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
    [2010/11/29 22:07:27 | 000,015,744 | ---- | M] () -- C:\Windows\SysNative\results.xml
    [2010/11/29 22:04:46 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
    [2010/11/29 21:56:08 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
    [2010/11/29 20:29:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/12/01 04:50:13 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FastUv32.dll
    [2010/12/01 04:03:34 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/30 00:42:05 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/29 23:49:51 | 000,000,355 | ---- | C] () -- C:\Users\Mike\Desktop\Computer - Shortcut.lnk
    [2010/11/29 22:45:36 | 000,001,941 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2010/11/29 22:45:36 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
    [2010/11/29 22:45:15 | 000,000,362 | -H-- | C] () -- C:\IPH.PH
    [2010/11/29 22:20:48 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/29 22:19:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/11/29 22:18:54 | 000,001,967 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/29 22:18:54 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/29 22:12:35 | 000,001,441 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/29 22:10:16 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
    [2010/11/29 22:07:27 | 000,015,744 | ---- | C] () -- C:\Windows\SysNative\results.xml
    [2010/11/29 22:04:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd
    [2010/11/29 21:58:55 | 2962,300,928 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/29 21:57:27 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
    [2010/11/29 20:42:22 | 000,015,865 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe4.log
    [2010/11/29 20:29:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010/11/29 20:22:13 | 000,000,290 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/11/29 20:22:13 | 000,000,272 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/08/03 04:08:03 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/03 04:08:03 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/11/29 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\acccore
    [2010/11/29 20:30:47 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Liteon
    [2009/07/13 23:08:49 | 000,005,124 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2010/08/03 04:10:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/12/01 20:55:38 | 2962,300,928 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/29 22:49:43 | 000,000,362 | -H-- | M] () -- C:\IPH.PH
    [2010/12/01 20:55:57 | 3949,735,936 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/03 03:20:17 | 000,002,282 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/29 22:12:35 | 000,000,221 | -HS- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/29 20:24:29 | 000,000,402 | -HS- | M] () -- C:\Users\Mike\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/29 20:46:46 | 000,015,865 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe4.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  13. credendum

    credendum TS Rookie Topic Starter

    OTL Extras logfile created on: 12/1/2010 9:33:04 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Mike\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 583.07 Gb Total Space | 553.05 Gb Free Space | 94.85% Space Free | Partition Type: NTFS
    Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
    "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
    "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
    "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "Acer Game Console" = Acer Game Console
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AIM_7" = AIM 7
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "WildTangent acer Master Uninstall" = Acer Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT088295" = Agatha Christie - Death on the Nile
    "WT088300" = Bejeweled 2 Deluxe
    "WT088310" = Build-a-lot 2
    "WT088312" = Chuzzle Deluxe
    "WT088318" = Diner Dash 2 Restaurant Rescue
    "WT088350" = Jewel Quest Solitaire 2
    "WT088364" = Plants vs. Zombies
    "WT088373" = Blackhawk Striker 2
    "WT088393" = Dora's Carnival Adventure
    "WT088413" = FATE
    "WT088445" = John Deere Drive Green
    "WT088449" = Penguins!
    "WT088453" = Polar Bowler
    "WT088457" = Polar Golfer
    "WT088517" = Zuma's Revenge
    "WT088553" = Virtual Villagers 4 - The Tree of Life
    "WT088649" = 18 Wheels of Steel - American Long Haul
    "WT088653" = Jewel Quest - Heritage

    ========== Last 10 Event Log Errors ==========

    [ System Events ]
    Error - 11/29/2010 11:59:43 PM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
    Description = The name "MIKE-PC :0" could not be registered on the interface
    with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
    allow the name to be claimed by this computer.

    Error - 11/30/2010 12:01:18 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Acer
    ODD Power Service service to connect.

    Error - 11/30/2010 12:01:18 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
    Description = The Acer ODD Power Service service failed to start due to the following
    error: %%1053

    Error - 11/30/2010 12:04:35 AM | Computer Name = Mike-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 10:01:48 PM on 11/29/2010 was unexpected.

    Error - 11/30/2010 12:04:48 AM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
    Description = The name "MIKE-PC :0" could not be registered on the interface
    with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
    allow the name to be claimed by this computer.

    Error - 11/30/2010 12:05:38 AM | Computer Name = Mike-PC | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{873743D8-7D7C-4D29-9A11-B0EB87BE8DD5}
    because another computer on the network has the same name. The server could not
    start.

    Error - 11/30/2010 12:05:38 AM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
    Description = The name "MIKE-PC :20" could not be registered on the interface
    with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
    allow the name to be claimed by this computer.

    Error - 11/30/2010 12:45:37 AM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
    Description = The name "MIKE-PC :0" could not be registered on the interface
    with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
    allow the name to be claimed by this computer.

    Error - 11/30/2010 12:45:37 AM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
    Description = The name "MIKE-PC :0" could not be registered on the interface
    with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
    allow the name to be claimed by this computer.

    Error - 11/30/2010 12:49:35 AM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
    Description = The name "MIKE-PC :0" could not be registered on the interface
    with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
    allow the name to be claimed by this computer.


    < End of report >
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
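    A way to check what OTL's O2 line above reports, as an added example that is not part of the thread or of OTL: enumerate the Browser Helper Objects registered in the registry and flag any whose CLSID has no class registration (OTL's "No CLSID value found") or no DLL behind it. It assumes only the standard registry locations and an elevated PowerShell prompt on Windows 7 or later; nothing in it is specific to the thread's machine.

```powershell
# Added example, not code from the thread or from OTL: list the Browser Helper
# Objects (BHOs) registered on this Windows machine and flag any whose CLSID has
# no class registration, which is what OTL reports as "No CLSID value found".
# Registry paths are the standard ones; nothing here is specific to the
# thread's machine. Run from an elevated PowerShell prompt.

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# Class registrations live under these roots (64-bit, 32-bit and per-user views).
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\Software\Classes\CLSID'
)

function Get-BhoReport {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid = $key.PSChildName        # e.g. {5C255C8A-E604-49b4-9D64-90988571CECB}
            $classKey = $clsidRoots |
                ForEach-Object { Join-Path $_ $clsid } |
                Where-Object { Test-Path $_ } |
                Select-Object -First 1
            $dll = $null
            if ($classKey) {
                # InprocServer32's default value names the DLL Explorer/IE will load.
                $inproc = Get-ItemProperty -Path (Join-Path $classKey 'InprocServer32') -ErrorAction SilentlyContinue
                if ($inproc) { $dll = ([string]$inproc.'(default)').Trim('"') }
            }
            $dllOnDisk = $false
            if ($dll) { $dllOnDisk = Test-Path ([Environment]::ExpandEnvironmentVariables($dll)) }
            if (-not $classKey)      { $status = 'ORPHAN: no CLSID value found' }
            elseif (-not $dll)       { $status = 'SUSPECT: class has no InprocServer32' }
            elseif (-not $dllOnDisk) { $status = 'SUSPECT: DLL missing on disk' }
            else                     { $status = 'registered' }
            [pscustomobject]@{
                Clsid  = $clsid
                BhoKey = $key.Name
                Dll    = $dll
                Status = $status
            }
        }
    }
}

Get-BhoReport | Format-Table -AutoSize
```

    An ORPHAN entry is a load instruction that points nowhere, which is why OTL removes the BHO key and then checks the Classes\CLSID key; a registered entry whose DLL sits in an odd location is worth checking against the vendor before trusting it.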
     
  15. credendum

    credendum TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 593627 bytes
    ->Temporary Internet Files folder emptied: 6655212 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 67893648 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 149373 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 892 bytes

    Total Files Cleaned = 72.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Mike
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12012010_224156

    Files\Folders moved on Reboot...
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.1 MUI
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````

    ESET doesn't look too good. :/

    C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC271X\Vista\RtlUpd.exe probably a variant of Win32/Agent.KJZBIGF trojan
    C:\Windows\System32\FastUv32.dll a variant of Win32/Wimpixo.AA trojan
    C:\Windows\SysWOW64\FastUv32.dll a variant of Win32/Wimpixo.AA trojan
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page, make sure you have both boxes UN-checked AND (important!) click on the Decline button.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC271X\Vista\RtlUpd.exe 
      C:\Windows\System32\FastUv32.dll 
      C:\Windows\SysWOW64\FastUv32.dll
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  17. credendum

    credendum TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC271X\Vista\RtlUpd.exe moved successfully.
    C:\Windows\System32\FastUv32.dll moved successfully.
    File\Folder C:\Windows\SysWOW64\FastUv32.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 516171 bytes
    ->Temporary Internet Files folder emptied: 432798 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43643404 bytes
    ->Flash cache emptied: 456 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 43.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Mike
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12012010_235241

    Files\Folders moved on Reboot...
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 412212 bytes
    ->Temporary Internet Files folder emptied: 187051 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 16287644 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 524288 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 17.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Mike
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.17.3 log created on 12012010_235749

    Files\Folders moved on Reboot...
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\TMP0000000106B1A7CDF069EED2 not found!

    Registry entries deleted on Reboot...

    Thanks so much for your time and your quick responses.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Whenever ready....
     
  19. credendum

    credendum TS Rookie Topic Starter

    Sorry! I was so excited to have it working again I must have skipped that one. In the process of following the other steps at the moment to be better protected.

    As far as I can tell it is working fine. I'm going to run some scans and see if anything pops up again, but the redirects have stopped and so has the lag.

    I was wondering about changing the passwords for sites... if I didn't visit a site while this problem was occurring, do I have to worry about changing it? Should I go ahead and change them all just to be safe?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yes, I'd do so.

    Well done :)

    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
