Hoping My system is clear

PSherman · October 9, 2010

Was infected with a "trojan.dropped" virus and followed the "I'm infected, what now?" instructions and here are the zip files for the DSS/GMER files and the latest MBAM Log.

The Ark log did not work as I received an error message saying that the process was being used by another program (?)

Otherwise, all other directions were followed as best I could manage.

Not sure what to do from here and hopefully I've done everything correctly. Thanks.

The last MBAM Log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4783

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

10/9/2010 1:33:13 AM

mbam-log-2010-10-09 (01-33-13).txt

Scan type: Quick scan

Objects scanned: 137639

Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attach.txt.zip

DDS.txt.zip

Maurice Naggar · October 10, 2010

Hello PSherman,

Kindly do NOT put logs into zip files, nor use the attachment feature. Just always Copy & Paste logs directly into main body of reply-text-box.

If needed use separate replies. While I downloaded your zipped report files, I was unable to open them. Further, one does not want to open any download files from a "suspect" (infected) system.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

Click the Start button, and then click Computer.
On the Organize menu, click Folder and Search Options.
Click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders.
Click Apply > OK.

Step 3

Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

Step 4

Using Internet Explorer browser only, go to ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://www.eset.com/onlinescan/cac4.php?page=faq
- From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
  Otherwise the scan will take twice as long to do:
  everytime the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Step 5

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

the contents of OTL.txt;
the contents of Extras.txt ; and
the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

PSherman · October 11, 2010

Thank you Maurice for the help and for the heads up on the attachments. Hopefully I won't have to do this again!

The Windows Security was disabled to allow for the other scan.

Thanks again for your time.

Here are the codes:

OTL logfile created on: 10/11/2010 1:11:08 AM - Run 1

OTL by OldTimer - Version 3.2.15.0 Folder = C:\Users\Brandon\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111.44 Gb Total Space | 69.25 Gb Free Space | 62.14% Space Free | Partition Type: NTFS

Drive D: | 111.44 Gb Total Space | 111.12 Gb Free Space | 99.71% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/11 01:10:05 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Downloads\OTL.exe

========== Modules (SafeList) ==========

MOD - [2010/10/11 01:10:05 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)

SRV:64bit: - [2008/01/20 21:52:15 | 001,216,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/10/18 01:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/07/16 20:30:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)

SRV - [2007/01/19 14:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/07/16 20:30:55 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)

DRV:64bit: - [2010/07/16 20:30:41 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)

DRV:64bit: - [2010/06/02 18:25:53 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/07/28 22:44:20 | 000,314,880 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2008/07/28 02:55:28 | 001,146,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)

DRV:64bit: - [2008/07/10 21:29:08 | 007,912,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/06/29 16:52:44 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2008/06/11 20:29:30 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)

DRV:64bit: - [2008/05/12 23:48:38 | 000,062,424 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)

DRV:64bit: - [2008/04/15 19:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2008/04/01 02:00:40 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8187Se.sys -- (RTL8187Se)

DRV:64bit: - [2008/02/21 12:55:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)

DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007/11/01 04:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2007/11/01 04:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2007/11/01 04:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2007/10/18 01:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)

DRV:64bit: - [2007/10/14 23:53:18 | 000,090,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2007/10/14 23:53:18 | 000,019,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2007/10/14 23:53:16 | 000,117,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2007/05/23 19:47:28 | 000,020,784 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV:64bit: - [2007/05/17 04:38:06 | 000,033,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2007/04/26 04:38:44 | 000,305,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2006/06/19 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)

DRV - [2003/10/01 08:29:50 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\ACER\Preload\Autorun\DRV\Foxconn Bluetooth BCM2045NMD\INT15.SYS -- (int15.sys)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...8&m=m-7315u

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...8&m=m-7315u

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)

O4 - HKLM..\Run: [EarthLink Installer] File not found

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)

O4 - HKCU..\Run: [EPSON Stylus CX7400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICDA.EXE File not found

O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\MSN Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKLM..\RunOnce: [New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\LaunchAlaunchX.exe (Acer Inc.)

O4 - Startup: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.165.129.158

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/10 23:17:58 | 000,000,000 | -HSD | C] -- C:\found.000

[2010/10/10 18:39:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2010/10/10 18:31:59 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Apple Computer

[2010/10/10 18:19:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/10/10 18:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2010/10/08 21:55:40 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Malwarebytes

[2010/10/07 21:26:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/10/07 21:26:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/10/07 21:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/10/07 21:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/07 21:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2010/10/05 22:02:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/10/05 19:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/10/05 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/10/05 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/10/05 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/10/05 19:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/10/05 19:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010/10/05 19:46:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/09/14 18:52:27 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL

[2010/09/14 18:52:27 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL

[2010/09/14 18:52:15 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

========== Files - Modified Within 30 Days ==========

[2010/10/11 01:10:44 | 002,097,152 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat

[2010/10/11 00:14:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/11 00:12:54 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010/10/11 00:12:54 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010/10/11 00:10:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/10/11 00:10:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/10/11 00:09:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml

[2010/10/11 00:09:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/11 00:09:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/10 22:42:17 | 000,000,905 | ---- | M] () -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2010/10/10 22:42:12 | 000,000,725 | ---- | M] () -- C:\Users\Brandon\Desktop\NTREGOPT.lnk

[2010/10/10 22:42:12 | 000,000,706 | ---- | M] () -- C:\Users\Brandon\Desktop\ERUNT.lnk

[2010/10/10 18:13:24 | 065,897,506 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/10/09 02:15:02 | 000,000,112 | ---- | M] () -- C:\Users\Brandon\Documents\Ark.zip

[2010/10/09 01:42:42 | 000,000,000 | ---- | M] () -- C:\Users\Brandon\defogger_reenable

[2010/10/07 21:26:18 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/07 21:06:38 | 000,507,400 | ---- | M] () -- C:\Users\Brandon\Desktop\sdasetup[1].exe

[2010/10/06 21:30:40 | 000,000,276 | ---- | M] () -- C:\Users\Brandon\AppData\Roaming\wklnhst.dat

[2010/10/05 22:01:58 | 620,316,207 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/10/05 19:53:54 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/10/05 19:49:22 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/10/05 19:44:42 | 000,001,866 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/10/05 19:44:41 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/09/22 19:58:57 | 000,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat

[2010/09/14 19:08:07 | 000,000,265 | ---- | M] () -- C:\Windows\win.ini

========== Files Created - No Company Name ==========

[2010/10/10 18:18:25 | 000,000,905 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2010/10/10 18:18:15 | 000,000,725 | ---- | C] () -- C:\Users\Brandon\Desktop\NTREGOPT.lnk

[2010/10/10 18:18:14 | 000,000,706 | ---- | C] () -- C:\Users\Brandon\Desktop\ERUNT.lnk

[2010/10/09 02:15:02 | 000,000,112 | ---- | C] () -- C:\Users\Brandon\Documents\Ark.zip

[2010/10/09 01:42:42 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\defogger_reenable

[2010/10/07 21:26:18 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/07 21:06:39 | 000,507,400 | ---- | C] () -- C:\Users\Brandon\Desktop\sdasetup[1].exe

[2010/10/05 22:01:58 | 620,316,207 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/10/05 19:53:54 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/10/05 19:49:22 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2009/06/15 00:34:15 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/06/15 00:33:04 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/04/29 22:13:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/04/05 00:35:13 | 000,023,888 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\UserTile.png

[2009/02/05 23:24:50 | 000,006,144 | ---- | C] () -- C:\Users\Brandon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/01 18:35:21 | 000,000,276 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\wklnhst.dat

[2009/02/01 17:29:00 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2009/02/01 17:27:46 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini

[2009/01/25 21:59:41 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2009/02/01 17:39:00 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Leadertech

[2010/06/15 21:41:11 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Namco

[2009/04/05 00:35:13 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\PeerNetworking

[2009/06/15 22:43:34 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\PlayFirst

[2009/02/21 13:42:42 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Sierra

[2009/02/01 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Template

[2009/02/05 23:26:44 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\WildTangent

[2010/10/11 00:10:21 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 10/11/2010 1:11:08 AM - Run 1

OTL by OldTimer - Version 3.2.15.0 Folder = C:\Users\Brandon\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111.44 Gb Total Space | 69.25 Gb Free Space | 62.14% Space Free | Partition Type: NTFS

Drive D: | 111.44 Gb Total Space | 111.12 Gb Free Space | 99.71% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 96 86 17 57 7E ED C9 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{076396F7-538C-4ECC-BFC4-A35E6E006B5D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{17DF9A7B-A1B6-4DA9-BE4B-4FF5CF998399}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{1C74EF35-05E2-4039-A4D2-E4B36E8683B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5DB66B2B-D29E-4122-9325-21453774AF03}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{74D7F510-24BF-460F-AE29-C00AD49C5CC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7C36E6A5-D5B4-47C7-BAAA-2CDB98F8DCEE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{89C390F7-1A17-4641-B3AB-57008AC65055}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{975D095A-E4FE-4AF1-891C-9901E5430CD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D4FFDC78-E496-4707-93F8-391B5BB92763}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{F28BCFF9-154C-4310-8981-EC4C7A0D1DB0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{17057282-19C1-4CAF-9294-3FA488025EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{4E5695EE-2E1F-42D9-A9F5-A5DCD720EE77}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |

"{5A1D4005-10A5-42CE-A887-4F80198014C5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{5B4112DA-CB4D-4B37-B2EF-DE0EE64B0787}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |

"{64728638-4C06-47C4-A135-DB4D15B18EF2}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |

"{6A112C79-8367-4879-849C-292FE9DCAF89}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{70C52E65-FF12-4B5F-BBEE-F4B88D0D90E8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{732607CD-D6FD-40F5-A677-CAE03CF722D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{8E6DE4F6-9C3B-4A4C-A203-CDEFAD4A2B62}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |

"{96A8794D-328E-404A-9804-4D8075E26FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{A7B6C734-CCC1-411F-93DB-D094481E562B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{CC6D2C12-B453-41A9-ADB5-66E5C50DD3BD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{D4774E6E-2F83-4920-81DA-43F9C1052130}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"TCP Query User{A6C1CD3E-5234-4473-BBD6-BCCE1C5B2D44}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{6924BD17-2BC0-4A74-93E7-60DA69C80A8C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes

"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support

"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour

"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel

Maurice Naggar · October 12, 2010

One security update for Adobe Reader:

Start Adobe Reader. Go to the Help menu. Select Check for Updates. Let it get and install the latest version 9.4 of Reader.

When it finishes, logoff and restart the system.

My oversight. Kindly get a copy of the Eset scan log and copy into next reply.

The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

Trend Micro Sysclean Package
Make sure you read this document to understand how to use the program.
Trend Micro Sysclean Package README 1st
Basically there are 2 parts that need to be downloaded and SAVED from these links:
- Download Sysclean Package
- Download Malware CPR (Windows Virus Pattern) Files that will be a LPTxxx.ZIP file

Create a brand new folder to copy these files to.
As an example: C:\DCE
Then open each of the zipped archive files and extract their contents to C:\DCE
Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.
After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

How To Use Compressed (Zipped) Folders in Windows XP

Compress and uncompress files (zip files) in Vista

latest MBAM scan log

the Sysclean log

and tell me, How is your system now ?

PSherman · October 14, 2010

Sorry for the delay in reply, I was out of town.

I tried to run the Sysclean scan and it did okay for about 2 1/2 hours.

After 2+ hours it found several viruses including a trojan_java.as and around 5 others (the list moved pretty fast so I wasn't able to see many of them and I didn't want to mess with anything until the scan was completed, so I couldn't write them down).

Unfortunately, the scanner and computer froze up completely shortly after finding these viruses and it freezes up during the ESET scan as well.

The scanner, timer and everything on both programs freezes and the computer will not respond to anything (minimizing, maximizing, etc.)

As it was late I did not attempt to run the Sysclean scan again.

Should I try running it a second time to see if those malware/viruses have been taken care of? Or is there another action I should take?

Thank you.

Maurice Naggar · October 14, 2010

Do not run Sysclean or Eset (again). I'd like for you to run Temp File Cleaner to insure temp files are removed, followed by a report with HijackThis.

Save and close first any open documents.

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
IF prompted to Reboot, reply "Yes".

Download and SAVE HijackThis

Save the HJT to your desktop or the folder of your choice, then navigate to that folder and double-click Hijackthis.exe to start it.

Do a "Scan and Save log".

Reply with copy of the HijackThis log.

Tell me if you ran MBAM and if yes, then a copy of the latest MBAM log.

PSherman · October 15, 2010

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:03:51 PM, on 10/14/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18975)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\MSN Messenger\msnmsgr.exe

C:\Program Files\Camera Assistant Software for Gateway\traybar.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Users\Brandon\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...8&m=m-7315u

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"

O4 - HKLM\..\Run: [EarthLink Installer] " /C

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE /FU "C:\Windows\TEMP\E_SAE4C.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4783

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

10/9/2010 1:33:13 AM

mbam-log-2010-10-09 (01-33-13).txt

Scan type: Quick scan

Objects scanned: 137639

Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Maurice Naggar · October 15, 2010

The MBAM result is very encouraging.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close your browsers.

start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Go to http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Scan the system with the Kaspersky Online Scanner

Attention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

During this run, make sure your browser does not block popup windows. Have patience while some screens populate.

Read the Information block presented on the screen, and then press the Accept button.

1) Accept the agreement

2) The necessary files will be downloaded and installed. Please have plenty of patience.

3) After Kaspersky AntiVirus Database is updated, look at the Scan box.

4) Click the My Computer line

5 ) Be infinetely patient, the scan is comprehensive and, unlike other online antivirus scanners, will detect all malwares

6) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.

( To see an animated tutorial-how-to on the scan, see >>this link<<)

Re-enable your antivirus program after Kaspersky has finished.

Do not be alarmed if Kaspersky tags items that are already in quarantine by MBAM, or other quarantine.

Kaspersky is a report only and does not remove files.

Post back with copies of the Kaspersky.txt report.

How is your system now

Kapersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.

PSherman · October 18, 2010

The download and update on kaspersky went well (and all other antivirus/spyware programs were disabled as well as the pop up blocker), but I had the same problem with this scan as I did with the other.

It was able to scan fine for around 2hrs. 29min. and suddenly froze up, and did not respond.

I don't notice them getting stuck on any one specific file.

It seems that it's related more to the computer being used for 2 hrs. or more.

Not sure what to make of this?

Maurice Naggar · October 20, 2010

If this system is a notebook, make sure it is connected to AC power.

Let's have you update MBAM and then do a full scan.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Re-enable the antivirus program when done.

Reply with copy of the MBAM scan log.

PSherman · October 23, 2010

Here is the copy of the full MBAM scan:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4920

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

10/22/2010 7:19:10 PM

mbam-log-2010-10-22 (19-19-10).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 296900

Time elapsed: 1 hour(s), 8 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Maurice Naggar · October 23, 2010

Temporarily turn off your AVG antivirus program.

Please download

Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it. If running Windows 7 or Vista, do a Right-Click on RKUnhookerLE and select Run As Administrator.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it. Click Close
This log may be very large so please use multiple posts if need be.

Note:You may get this warning. If so, please ignore it.

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Copy the entire contents of the report and paste it in a reply here for review.

PSherman · October 30, 2010

I again apologize for the delay in reply.

When I attempted to run the Rootkit Unhooker (after disabling AVG and saving the unhooker to my desktop and running it as administrator) I receive a message saying:

"Error loading driver NT status Code: Oxcoooo36b"

As far as I know all the antivirus, antispyware anything I have on the computer has been disabled.

????

PSherman · October 30, 2010

I again apologize for the delay in reply.

When I attempted to run the Rootkit Unhooker (after disabling AVG and saving the unhooker to my desktop and running it as administrator) I receive a message saying:

"Error loading driver NT status Code: Oxcoooo36b"

As far as I know all the antivirus, antispyware anything I have on the computer has been disabled.

Maurice Naggar · October 30, 2010

Scratch the run of RootkitUnhooker.

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
Save it where you can easily find it, such as your desktop.

Reply with copy of GMER log

and advise, How is your system now?

PSherman · November 20, 2010

Here are the results of the Gmer scan:

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-11-19 22:42:11

Windows 6.0.6002 Service Pack 2

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ccfdec9

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ccfdec9 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Hoping My system is clear

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information