I thought I removed it...what do I do now?

Hi everyone,

I run Windows 7, 32-bit. About a week ago, I noticed a strange folder in the recently accessed list when I right-clicked Windows Explorer (screen print: http://i53.tinypic.com/xppohe.png). What was worrying was that its location was supposedly on my desktop (yet there was nothing there; when I click on it a message tells me "Windows is trying to locate it"), it had 0 bytes and no accessed/modified/created stats. Thinking I had a virus/malware of some sort, I ran all my scans (SuperAntiSpyware, MBAM, Dr Web, ESET) in safe mode where only SuperAntiSpyware was able to pick up a trojan on my computer (in a C drive file and the registry) and remove it. I ran the scans again, and everything came up clean.

Despite removing the trojan entry, the folder popped up again in my recently accessed list, so my computer guy reinstalled Windows and reformatted C drive only yesterday (all my music/videos are located on the D and E drives). Previously, I was internet browsing on the account with administrative rights, so it seemed safe to set up a standard account to browse the web with. The data on the E/D drives appears on both accounts.

Cut to today: all is running smoothly yet the folder popped up in the accessed list once again. The folder only appears in my standard user account. Did the same scans and everything's clean.

My internet browsing experience is fine - i.e. no Google redirect or pop-ups and so on, and no one else uses this computer.

I'm not sure what my next step should be. Should I also completely wipe/reformat all drives and reinstall Windows once again?

Any help would be greatly appreciated. :rolleyes:

I also tried making a DDS log, but the notepad entry just had gibberish.

Hi,

Try running DDS again:

Please download DDS and save it to your desktop.

  • Disable any script blocking protection.
  • Double click dds.com to run the tool.
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Hi Gammo, thanks for your response. Running DDS still seems to have the same response. I've attached it instead because it's an eyeful to look at. My Rootkit report is pasted below:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows 7

Version 6.1.7600

Number of processors #6

==============================================


>Stealth

==============================================

0x8699AF13 Unknown page with executable code, 237 bytes

0x868E047E Unknown page with executable code, 2946 bytes

0x868E01C0 Unknown page with executable code, 3648 bytes

0x868EB074 Unknown page with executable code, 3980 bytes

0x868E2DB4 Unknown page with executable code, 588 bytes

0x98FADF2E Unknown thread object [ ETHREAD 0x85835D48 ] , 600 bytes

0x868EAD66 Unknown page with executable code, 666 bytes

log.zip

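As an added example (not part of the original thread, and not code from the Rootkit Unhooker authors), the Python below shows one way to triage a report in this layout: it parses the `>Drivers` and `>Stealth` sections, flags file-backed drivers that lack vendor metadata or load from outside an expected directory, and checks whether each stealth address falls inside a listed driver. The sample report text, the `expected_root` default and all function names are assumptions made for the example.

```python
import re
from collections import namedtuple

# Constructed sample in the layout of a Rootkit Unhooker LE report
# (illustrative lines only, not the poster's data).
SAMPLE_REPORT = r"""
>Drivers
==============================================
0x8BB22000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x82E40000 PnpManager 4259840 bytes
0x98D1E000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0xA0BA2000 C:\Users\Public\example.sys 12288 bytes (Example Vendor, Example Tool)
==============================================
>Stealth
==============================================
0x8BB23010 Unknown page with executable code, 588 bytes
0x868E047E Unknown page with executable code, 2946 bytes
0x98FADF2E Unknown thread object [ ETHREAD 0x85835D48 ] , 600 bytes
"""

Driver = namedtuple("Driver", "base name size info")
Stealth = namedtuple("Stealth", "addr kind size")

# "<base> <path or name> <size> bytes (<vendor, description>)"; the
# parenthesised metadata is optional and may itself contain parentheses.
DRIVER_RE = re.compile(
    r"^(0x[0-9A-Fa-f]{8})\s+(.+?)\s+(\d+) bytes(?:\s+\((.*)\))?\s*$")
# "<address> <what was found>, <size> bytes"
STEALTH_RE = re.compile(r"^(0x[0-9A-Fa-f]{8})\s+(.+?)\s*,\s*(\d+) bytes\s*$")


def parse_report(text):
    """Split a report into driver entries and stealth entries."""
    drivers, stealth, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):          # section marker, e.g. ">Drivers"
            section = line[1:].strip().lower()
            continue
        if section == "drivers":
            m = DRIVER_RE.match(line)
            if m:
                drivers.append(Driver(int(m.group(1), 16), m.group(2),
                                      int(m.group(3)), m.group(4)))
        elif section is not None and section.startswith("stealth"):
            m = STEALTH_RE.match(line)
            if m:
                stealth.append(Stealth(int(m.group(1), 16), m.group(2),
                                       int(m.group(3))))
    return drivers, stealth


def review_drivers(drivers, expected_root="c:\\windows\\system32\\"):
    """Return {path: [reasons]} for file-backed drivers worth a second look.

    expected_root is an assumption for this example; adjust it to the
    system being reviewed.
    """
    findings = {}
    for d in drivers:
        if "\\" not in d.name:            # kernel-internal name, no file path
            continue
        reasons = []
        if d.info is None:
            reasons.append("no vendor/description metadata")
        if not d.name.lower().startswith(expected_root):
            reasons.append("outside " + expected_root)
        if reasons:
            findings[d.name] = reasons
    return findings


def owner_of(addr, drivers):
    """Return the file-backed driver whose image range covers addr, if any."""
    for d in drivers:
        if "\\" in d.name and d.base <= addr < d.base + d.size:
            return d.name
    return None


def review_stealth(stealth, drivers):
    """Pair each stealth entry with the listed driver that contains it.

    An owner of None means the address is not inside any listed driver image.
    """
    return [("0x%08X" % s.addr, s.kind, owner_of(s.addr, drivers))
            for s in stealth]


if __name__ == "__main__":
    drv, st = parse_report(SAMPLE_REPORT)
    for path, reasons in review_drivers(drv).items():
        print("DRIVER ", path, "->", "; ".join(reasons))
    for addr, kind, owner in review_stealth(st, drv):
        print("STEALTH", addr, kind, "->", owner or "no listed driver")
```

A finding here is a lead for manual review of that entry, not a verdict on it.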

Hi,

I'm sorry for the late response.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Log is below:

ComboFix 10-12-26.01 - Grace Admin 29/12/2010 2:08.1.6 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3326.1584 [GMT 11:00]

Running from: c:\users\Grace\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


2010-12-04 10:04 . 2009-04-16 08:56 29480 ------w- c:\windows\system32\msxml3a.dll

2010-12-04 10:03 . 2009-04-16 08:56 505128 ----a-w- c:\windows\system32\msvcp71.dll

2010-12-04 10:03 . 2007-03-14 10:01 353840 ----a-w- c:\windows\system32\msvcr71.dll

2010-12-04 10:02 . 2010-12-04 12:26 -------- d-----w- c:\program files\CyberLink

2010-12-04 10:01 . 2010-12-28 12:53 17488 ----a-w- c:\windows\gdrv.sys

2010-12-04 09:59 . 2010-12-04 09:59 -------- d-----w- c:\program files\NEC Electronics

2010-12-04 09:59 . 2009-08-26 08:49 1970176 ------r- c:\windows\system32\xRaidSetup.exe

2010-12-04 09:59 . 2009-08-25 11:16 151552 ------r- c:\windows\system32\xRaidAPI.dll

2010-12-04 09:59 . 2010-12-04 09:59 -------- d-----w- C:\RaidTool

2010-12-04 09:59 . 2009-08-06 05:51 65536 ------r- c:\windows\system32\XSrvSetup.exe

2010-12-04 09:59 . 2009-10-29 08:14 99440 ----a-w- c:\windows\system32\drivers\jraid.sys

2010-12-04 09:59 . 2010-12-04 09:59 -------- d-----w- c:\windows\RaidTool

2010-12-04 09:59 . 2010-12-28 12:08 -------- d-sh--w- c:\windows\Installer

2010-12-04 09:58 . 2009-07-22 10:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll

2010-12-04 09:58 . 2009-03-05 06:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll

2010-12-04 09:58 . 2009-08-20 16:04 189440 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2010-12-04 09:56 . 2010-12-04 09:56 0 ----a-w- c:\windows\ativpsrm.bin

2010-12-04 09:53 . 2010-12-04 10:02 -------- d-----w- c:\program files\Common Files\InstallShield

2010-12-04 09:51 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-12-04 09:51 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

2010-12-04 09:50 . 2010-12-28 12:59 -------- d-----w- c:\windows\system32\wbem\Performance

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-09 15:54 . 2010-11-09 15:54 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-10-26 16:59 . 2010-10-26 16:59 6573568 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2010-10-26 16:08 . 2010-10-26 16:08 16281600 ----a-w- c:\windows\system32\atioglxx.dll

2010-10-26 15:55 . 2010-10-26 15:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2010-10-26 15:55 . 2010-10-26 15:55 547328 ----a-w- c:\windows\system32\aticfx32.dll

2010-10-26 15:52 . 2010-10-26 15:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll

2010-10-26 15:51 . 2010-10-26 15:51 393216 ----a-w- c:\windows\system32\atieclxx.exe

2010-10-26 15:51 . 2010-10-26 15:51 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2010-10-26 15:50 . 2010-10-26 15:50 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2010-10-26 15:50 . 2010-10-26 15:50 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2010-10-26 15:49 . 2010-10-26 15:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2010-10-26 15:49 . 2010-10-26 15:49 15872 ----a-w- c:\windows\system32\atimuixx.dll

2010-10-26 15:49 . 2010-10-26 15:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2010-10-26 15:46 . 2010-10-26 15:46 4020736 ----a-w- c:\windows\system32\atidxx32.dll

2010-10-26 15:35 . 2010-10-26 15:35 46080 ----a-w- c:\windows\system32\aticalrt.dll

2010-10-26 15:35 . 2010-10-26 15:35 44032 ----a-w- c:\windows\system32\aticalcl.dll

2010-10-26 15:33 . 2010-10-26 15:33 5441536 ----a-w- c:\windows\system32\aticaldd.dll

2010-10-26 15:28 . 2010-10-26 15:28 4094464 ----a-w- c:\windows\system32\atiumdag.dll

2010-10-26 15:14 . 2010-10-26 15:14 52736 ----a-w- c:\windows\system32\coinst.dll

2010-10-26 15:14 . 2010-10-26 15:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll

2010-10-26 15:14 . 2010-10-26 15:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll

2010-10-26 15:14 . 2010-10-26 15:14 27136 ----a-w- c:\windows\system32\atigktxx.dll

2010-10-26 15:14 . 2010-10-26 15:14 229888 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2010-10-26 15:13 . 2010-10-26 15:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll

2010-10-26 15:13 . 2010-10-26 15:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll

2010-10-26 15:13 . 2010-10-26 15:13 23040 ----a-w- c:\windows\system32\atitmpxx.dll

2010-10-26 15:12 . 2010-10-26 15:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2010-10-26 14:50 . 2010-10-26 14:50 3460096 ----a-w- c:\windows\system32\atiumdva.dll

2010-10-26 14:37 . 2010-10-26 14:37 52736 ----a-w- c:\windows\system32\atimpc32.dll

2010-10-26 14:37 . 2010-10-26 14:37 52736 ----a-w- c:\windows\system32\amdpcom32.dll

2010-10-07 01:23 . 2010-10-07 01:23 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 01:23 . 2010-10-07 01:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-10-07 01:23 . 2010-10-07 01:23 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-07 01:23 . 2010-10-07 01:23 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-12-04 557056]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-16 87336]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-04-16 62760]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Grace Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2009-08-06 65536]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-11-24 88176]

R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-12-20 16968]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1343400]

S1 CLBStor;InstantBurn Storage Helper Driver; [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-26 176128]

S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-02 137144]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-04 810144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]

S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-26 6573568]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-26 229888]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 58880]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 137728]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6344)

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\users\Grace\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

Completion time: 2010-12-29 02:12:58

ComboFix-quarantined-files.txt 2010-12-28 15:12

Pre-Run: 218,735,456,256 bytes free

Post-Run: 218,827,816,960 bytes free

- - End Of File - - 31C8E29A620E85AF23EC9915C24FFD9F

Link to post
Share on other sites

Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5415

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

30/12/2010 2:05:45 AM

mbam-log-2010-12-30 (02-05-45).txt

Scan type: Quick scan

Objects scanned: 148295

Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-

The ESET scanner also came up with 0 threats. There was no 'list of found threats' prompt.

Link to post
Share on other sites

Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :lol:

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :P

Link to post
Share on other sites

Thanks for your responses. But I've noticed that even though I've done scans with Malwarebytes/ESET before which came up clean, the folder still popped up. And I've also noticed that my computer has been acting strange recently. For example, sometimes when I'm browsing on Firefox the bar seems to endlessly say "waiting for www.site.com" (restarting the computer rectifies the problem) but MSN and other applications requiring internet connections still work, and sometimes my Windows Explorer and Alt+Ctrl+Delete function start to go haywire/not responding, which hasn't happened before.

And the Stealth section with the (unknown page with executable code) of the Rootkit Unhooker report...should I be worried?

Link to post
Share on other sites

Hi,

And the Stealth section with the (unknown page with executable code) of the Rootkit Unhooker report...should I be worried?

Don't worry about it.

Your PC is clean and if you're still experiencing problems, then they're not malware related. We have the PC Help forum for non-malicious problems. :)

Link to post
Share on other sites

Apologies about the consistent questions/doubt, but I booted up my computer today and after hours of browsing without the initial folder popping up that led me to believe I had some sort of malware/virus on my computer, it once again appeared in the Windows Explorer recently accessed list recently. Maybe about half an hour ago. And when I was restarting my computer after uninstalling Combofix/running OTC, the folder seems to appear every time the computer's finished loading.

Link to post
Share on other sites

Hi, sorry for the lack of reply, I've been on holiday.

Anyway, I have a new problem, but I don't think it's as problematic...

I somehow picked up Spyware.OnlineGames. Tried removing it in normal mode and safe mode and both still couldn't remove it, even after reboot. SuperAntiSpyware didn't pick it up either.

I need your help once again! :)

Link to post
Share on other sites

Attached log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5503

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

13/01/2011 6:20:26 AM

mbam-log-2011-01-13 (06-20-26).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 203992

Time elapsed: 20 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\windows\temp\nod1.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Link to post
Share on other sites
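As an added example (not part of the thread and not Malwarebytes' own code), the following Python sketch parses a log in the layout posted above, cross-checks the summary counts against the listed detections, and picks out items that were not reported as removed. The sample log is constructed from the layout in this thread; its second detection line is invented for the example, and treating any action without the word "successfully" as needing follow-up is an assumption.

```python
import re

# Constructed sample: abridged from the log layout shown in this thread, with
# one extra detection line (the second one) invented to exercise follow-up.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5503

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 203992

Registry Values Infected: 0

Files Infected: 2

Registry Values Infected:

(No malicious items detected)

Files Infected:

c:\windows\temp\nod1.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\users\example\sample (x86)\demo.tmp (Constructed.Example) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^(.+?) Infected: (\d+)$")       # "Files Infected: 1"
SECTION_RE = re.compile(r"^(.+?) Infected:$")             # "Files Infected:"
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")  # object (threat) -> action
META_RE = re.compile(r"^([A-Za-z ]+): (.+)$")             # "Scan type: Quick scan"
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Split a log into header fields, summary counts and detection items."""
    meta, summary, items = {}, {}, []
    section = None  # name of the detail section currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies often double-space the log
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            m = META_RE.match(line)
            if m:
                meta[m.group(1)] = m.group(2)
            continue
        if line == NO_ITEMS:
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append({"category": section, "object": m.group(1),
                          "threat": m.group(2), "action": m.group(3)})
    return {"meta": meta, "summary": summary, "items": items}


def count_mismatches(report):
    """Return {category: (declared, listed)} where the two counts disagree,
    which suggests the pasted log was truncated or edited."""
    listed = {}
    for item in report["items"]:
        listed[item["category"]] = listed.get(item["category"], 0) + 1
    return {cat: (n, listed.get(cat, 0))
            for cat, n in report["summary"].items() if n != listed.get(cat, 0)}


def needs_follow_up(report):
    """Items whose action does not say 'successfully' (assumed heuristic)."""
    return [i for i in report["items"] if "successfully" not in i["action"]]


if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    print(report["meta"].get("Scan type"), report["summary"])
    print("count mismatches:", count_mismatches(report))
    for item in needs_follow_up(report):
        print("follow up:", item["object"], item["threat"], item["action"])
```
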

Hi,

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes

    :Services

    :Reg

    :Files
    ipconfig /flushdns /c
    c:\windows\temp\nod1.tmp

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Link to post
Share on other sites

I think this is it:

All processes killed

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Grace\Desktop\cmd.bat deleted successfully.

C:\Users\Grace\Desktop\cmd.txt deleted successfully.

c:\windows\temp\NOD1.tmp moved successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Grace

->Temp folder emptied: 938283 bytes

->Temporary Internet Files folder emptied: 8239827 bytes

->FireFox cache emptied: 117000596 bytes

->Flash cache emptied: 3196 bytes

User: Grace Admin

->Temp folder emptied: 252285025 bytes

->Temporary Internet Files folder emptied: 1361376 bytes

->Flash cache emptied: 456 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1746178070 bytes

RecycleBin emptied: 7477 bytes

Total Files Cleaned = 2,028.00 mb

Link to post
Share on other sites

New log:

All processes killed

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Grace\Desktop\cmd.bat deleted successfully.

C:\Users\Grace\Desktop\cmd.txt deleted successfully.

c:\windows\temp\NOD1.tmp moved successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Grace

->Temp folder emptied: 880612 bytes

->Temporary Internet Files folder emptied: 7993784 bytes

->FireFox cache emptied: 131569695 bytes

->Flash cache emptied: 2301 bytes

User: Grace Admin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 52849 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 134.00 mb

OTM by OldTimer - Version 3.1.17.2 log created on 01212011_200156

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.