Run OTL and post the new log and let me take one final look
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
Hi,
Here is the result of latest run of OTL...
OTL logfile created on: 06/12/2011 11:47:01 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 55.37% Memory free
3.74 Gb Paging File | 3.00 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 90.63 Gb Free Space | 62.81% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sandra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbkcoms.exe ( )
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )
========== Driver Services (SafeList) ==========
DRV - (MpKsl85528976) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA205A38-4BE3-4F22-921D-77BD8BE72D65}\MpKsl85528976.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (GemCCID) -- C:\Windows\System32\drivers\GemCCID.sys (Gemalto)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.comhttp://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2010/11/23 15:18:28 | 000,002,037 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb2.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2011/11/30 18:31:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A4F467-8F06-4D9B-A7EC-F89D639D7B84}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/02 19:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/02 17:31:24 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes
[2011/12/02 17:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/02 17:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/02 17:31:11 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/02 17:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/30 18:50:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/30 18:49:52 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\temp
[2011/11/30 17:47:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/29 15:56:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/29 15:56:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/29 15:56:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/29 15:46:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/29 15:44:32 | 004,321,290 | R--- | C] (Swearware) -- C:\Users\Sandra\Desktop\ComboFix.exe
[2011/11/29 13:06:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/29 10:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/11/29 10:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Paint.NET
[2011/11/29 10:28:57 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\Paint
[2011/11/29 10:09:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2011/11/29 10:06:50 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\gmer
[2011/11/29 07:34:18 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2011/11/28 16:32:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/28 16:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/28 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/25 18:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/25 18:12:19 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/11/25 18:04:58 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdkiller.com
[2011/11/25 17:55:15 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/25 17:53:01 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Google
[2011/11/25 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Apps
[2011/11/25 17:52:40 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Deployment
[2008/08/31 16:23:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2008/08/31 16:23:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2008/08/31 16:23:20 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2008/08/31 16:23:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2008/08/31 16:23:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2008/08/31 16:23:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2008/08/31 16:23:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2008/08/31 16:23:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2008/08/31 16:23:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2008/08/31 16:23:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2008/08/31 16:23:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2008/08/31 16:23:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2008/08/31 16:23:18 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2008/08/31 16:23:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2008/08/31 16:23:18 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2008/05/28 11:29:13 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
========== Files - Modified Within 30 Days ==========
[2011/12/06 11:46:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{077FCF45-234B-4E35-9958-7D72FB3A0C64}.job
[2011/12/06 11:45:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/06 11:45:06 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 11:45:06 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 11:45:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/03 00:18:20 | 000,618,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/03 00:18:20 | 000,114,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/02 23:58:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000UA.job
[2011/12/02 17:58:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000Core.job
[2011/12/02 17:31:17 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:31:07 | 000,002,627 | ---- | M] () -- C:\Users\Sandra\Desktop\Microsoft Office Word 2007.lnk
[2011/11/30 18:31:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/29 15:44:32 | 004,321,290 | R--- | M] (Swearware) -- C:\Users\Sandra\Desktop\ComboFix.exe
[2011/11/29 15:25:17 | 306,734,908 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/29 10:30:53 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/11/29 10:09:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2011/11/29 07:34:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2011/11/28 16:31:43 | 000,000,922 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/28 16:31:30 | 000,000,723 | ---- | M] () -- C:\Users\Sandra\Desktop\ERUNT.lnk
[2011/11/28 15:53:41 | 000,403,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/26 03:18:50 | 000,000,384 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011/11/26 03:01:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/25 18:33:23 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/11/25 18:32:49 | 000,022,032 | ---- | M] () -- C:\Windows\DCEBoot.exe
[2011/11/25 18:16:27 | 000,000,036 | ---- | M] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2011/11/25 18:05:06 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdkiller.com
[2011/11/25 17:55:22 | 000,002,056 | ---- | M] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2011/11/25 17:55:22 | 000,002,018 | ---- | M] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/14 20:15:15 | 000,000,288 | ---- | M] () -- C:\ProgramData\~ai3h6NmYYVmUXf
[2011/11/14 20:15:15 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ai3h6NmYYVmUXfr
[2011/11/14 20:15:11 | 000,000,336 | ---- | M] () -- C:\ProgramData\ai3h6NmYYVmUXf
========== Files Created - No Company Name ==========
[2011/12/02 17:31:17 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/29 15:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/29 15:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/29 15:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/29 15:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/29 15:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/29 15:25:17 | 306,734,908 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/29 10:30:53 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/11/29 10:30:53 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/11/28 16:31:43 | 000,000,922 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/28 16:31:30 | 000,000,723 | ---- | C] () -- C:\Users\Sandra\Desktop\ERUNT.lnk
[2011/11/26 03:18:50 | 000,000,384 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2011/11/25 18:32:49 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/11/25 18:32:28 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/11/25 18:16:27 | 000,000,036 | ---- | C] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2011/11/25 18:15:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/25 18:13:06 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/25 17:55:22 | 000,002,056 | ---- | C] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2011/11/25 17:55:22 | 000,002,018 | ---- | C] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/25 17:53:03 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000UA.job
[2011/11/25 17:53:01 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000Core.job
[2011/11/14 20:15:15 | 000,000,216 | ---- | C] () -- C:\ProgramData\~ai3h6NmYYVmUXfr
[2011/11/14 20:15:14 | 000,000,288 | ---- | C] () -- C:\ProgramData\~ai3h6NmYYVmUXf
[2011/11/14 20:15:11 | 000,000,336 | ---- | C] () -- C:\ProgramData\ai3h6NmYYVmUXf
[2011/02/10 12:00:07 | 000,008,885 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/06 00:15:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/29 19:31:02 | 000,000,680 | ---- | C] () -- C:\Users\Sandra\AppData\Local\d3d9caps.dat
[2009/10/22 16:12:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 16:12:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 10:06:15 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/09/23 10:06:06 | 000,000,392 | ---- | C] () -- C:\Windows\videoimp.ini
[2009/04/10 17:19:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/12/16 20:55:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/11 08:38:24 | 000,000,031 | ---- | C] () -- C:\Windows\UKCpInfo.sys
[2008/09/02 13:16:08 | 000,019,220 | ---- | C] () -- C:\Windows\wwdslcfg.ini
[2008/09/01 10:11:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/31 16:26:29 | 000,000,359 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/08/31 16:23:20 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2008/08/31 16:23:19 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2008/08/31 12:54:02 | 000,036,864 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 03:14:01 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2008/08/29 19:50:48 | 000,001,770 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/28 11:32:14 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/05/28 11:32:14 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/05/28 11:30:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008/05/28 11:29:13 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/03/16 20:42:41 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/16 20:10:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/16 19:16:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/03/16 19:03:42 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008/03/16 19:03:42 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/02/08 01:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 16:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,403,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,618,260 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,114,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/05 20:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005/09/14 00:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005/09/14 00:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2001/12/26 22:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 05:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 22:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 04:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Acer GameZone Console
[2010/10/08 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Doctor Who
[2008/09/02 14:59:26 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\eSobi
[2011/11/25 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Loyfz
[2011/02/09 20:38:02 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Umno
[2011/12/03 00:20:00 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/06 11:46:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{077FCF45-234B-4E35-9958-7D72FB3A0C64}.job
========== Purity Check ==========
< End of report >
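The three `C:\ProgramData\~ai3h6NmYYVmUXf` entries that the helper picks out of this log are the kind of thing a first pass over an OTL listing should surface automatically. The following Python script is an added example, not part of the thread and not OTL's own logic: it parses OTL file-listing lines in the `[date | size | attrs | C/M] (Company) -- path` form and scores each file on four heuristics that are my own assumptions about what deserves a second look (no company name, a bare file dropped directly under ProgramData/Public/AppData rather than in a vendor subfolder, a random-looking name, and a date inside the log's 30-day window). The sample lines are copied from the log above; the log date comes from its header. A hit is a lead to hash and submit for analysis, not a verdict.

```python
import re
from datetime import date, datetime
from pathlib import PureWindowsPath

# One OTL file-listing line, as in the "Files/Folders - Created Within 30 Days",
# "Files - Modified Within 30 Days" and "LOP Check" sections of the log:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# The "(Company)" field is absent on directory and LOP entries and reads
# "()" or "( )" when the file carries no version resource.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)(?: -- \[ \w+ \])?$"
)

# Locations where legitimate software normally creates its own subfolder;
# a bare file dropped straight into one of these is worth a second look
# (my heuristic, not OTL's).
DROP_ROOTS = {r"c:\programdata", r"c:\users\public"}


def parse_otl_line(line):
    """Return a dict for a file-listing line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(m["date"] + " " + m["time"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],          # R/H/S/D flags or '-'
        "kind": m["kind"],            # C = created date, M = modified date
        "company": (m["company"] or "").strip(),
        "path": PureWindowsPath(m["path"]),
    }


def _char_class(c):
    if c.isdigit():
        return "d"
    if c.isalpha():
        return "u" if c.isupper() else "l"
    return "o"


def looks_random(stem, min_len=8, min_ratio=0.5):
    """Crude generated-name test: fraction of adjacent characters that switch
    between lower/upper/digit/other. Vendor names like 'Malwarebytes' switch
    rarely; 'ai3h6NmYYVmUXf' switches at 9 of 13 positions."""
    stem = stem.lstrip("~")
    if len(stem) < min_len:
        return False
    classes = [_char_class(c) for c in stem]
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return switches / (len(classes) - 1) >= min_ratio


def in_drop_root(path):
    parent = str(path.parent).lower()
    return parent in DROP_ROOTS or parent.endswith((r"\appdata\roaming", r"\appdata\local"))


def triage(lines, log_date, window_days=30, min_score=3):
    """Score each file entry; return (path, reasons) for entries scoring >= min_score."""
    hits = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None or "D" in e["attrs"]:
            continue                   # not a file-listing line, or a directory
        reasons = []
        if not e["company"]:
            reasons.append("no company name")
        if in_drop_root(e["path"]):
            reasons.append("bare file directly under %s" % e["path"].parent)
        if looks_random(e["path"].stem):
            reasons.append("random-looking name")
        if (log_date - e["when"].date()).days <= window_days:
            reasons.append("dated within %d days of the log" % window_days)
        if len(reasons) >= min_score:
            hits.append((str(e["path"]), reasons))
    return hits


# Sample input: lines copied from the OTL log above (log created 06/12/2011).
SAMPLE_LINES = [
    r"[2011/12/02 17:31:11 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys",
    r"[2011/11/29 15:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2011/11/14 20:15:15 | 000,000,288 | ---- | M] () -- C:\ProgramData\~ai3h6NmYYVmUXf",
    r"[2011/11/14 20:15:15 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ai3h6NmYYVmUXfr",
    r"[2011/11/14 20:15:11 | 000,000,336 | ---- | M] () -- C:\ProgramData\ai3h6NmYYVmUXf",
    r"[2011/02/06 00:15:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol",
    r"[2008/08/31 16:23:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll",
    r"[2011/11/30 18:50:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN",
]
LOG_DATE = date(2011, 12, 6)

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES, LOG_DATE):
        print(path, "->", "; ".join(reasons))
```

Run against the full log, the script reports only the three ProgramData files; ComboFix's own droppers in `C:\Windows` (PEV.exe and friends) score lower because their names are ordinary and they sit in a system directory, and the old Lexmark DLLs with no company name fall outside the date window. The switch-ratio test is deliberately crude; tune `min_ratio` and `min_score` against your own logs rather than trusting the defaults.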
Basically your log looks ok but just curious what these are, run this program and let's take a look unless you know what they are
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Note: The log can also be found on your Desktop entitled SystemLook.txt
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code:
:dir C:\ProgramData\~ai3h6NmYYVmUXf
:file C:\ProgramData\~ai3h6NmYYVmUXf
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Hi,
No idea what those files are....
I ran system look, here is the log result:
SystemLook 30.07.11 by jpshortstuff
Log created at 08:25 on 07/12/2011 by Sandra
Administrator - Elevation successful
========== dir ==========
C:\ProgramData\~ai3h6NmYYVmUXf - Unable to find folder.
========== file ==========
C:\ProgramData\~ai3h6NmYYVmUXf - File found and opened.
MD5: 2666FEEBC500CA7E464D54F27A5B1800
Created at 20:15 on 14/11/2011
Modified at 20:15 on 14/11/2011
Size: 288 bytes
Attributes: --a----
No version information available.
-= EOF =-
See if you can upload it, searching that MD5 is not showing me anything, sometimes games will create funny looking files like that.
You need to enable windows to show all files and folders, instructions Here
Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again
C:\ProgramData\~ai3h6NmYYVmUXf
If the site is busy you can try this one
http://virusscan.jotti.org/en
Hi,
I uploaded the file to VirusTotal, here is the result:
Antivirus results (engine - engine version - signature date - detection name; "-" means no detection)
AhnLab-V3 - 2011.12.07.00 - 2011.12.07 - -
AntiVir - 7.11.19.14 - 2011.12.07 - -
Antiy-AVL - 2.0.3.7 - 2011.12.07 - -
Avast - 6.0.1289.0 - 2011.12.07 - -
AVG - 10.0.0.1190 - 2011.12.07 - -
BitDefender - 7.2 - 2011.12.07 - -
ByteHero - 1.0.0.1 - 2011.12.07 - -
CAT-QuickHeal - 12.00 - 2011.12.07 - -
ClamAV - 0.97.3.0 - 2011.12.07 - -
Commtouch - 5.3.2.6 - 2011.12.07 - -
Comodo - 10871 - 2011.12.07 - UnclassifiedMalware
DrWeb - 5.0.2.03300 - 2011.12.07 - -
Emsisoft - 5.1.0.11 - 2011.12.07 - -
eSafe - 7.0.17.0 - 2011.12.06 - -
eTrust-Vet - 37.0.9609 - 2011.12.07 - -
F-Prot - 4.6.5.141 - 2011.11.29 - -
F-Secure - 9.0.16440.0 - 2011.12.07 - -
Fortinet - 4.3.388.0 - 2011.12.07 - W32/FakeAvCn.A!tr
GData - 22 - 2011.12.07 - -
Ikarus - T3.1.1.109.0 - 2011.12.07 - -
Jiangmin - 13.0.900 - 2011.12.06 - -
K7AntiVirus - 9.119.5619 - 2011.12.07 - -
Kaspersky - 9.0.0.837 - 2011.12.07 - -
McAfee - 5.400.0.1158 - 2011.12.07 - FakeAlert!grb
McAfee-GW-Edition - 2010.1E - 2011.12.07 - FakeAlert!grb
Microsoft - 1.7903 - 2011.12.07 - -
NOD32 - 6691 - 2011.12.07 - -
Norman - 6.07.13 - 2011.12.07 - -
Panda - 10.0.3.5 - 2011.12.06 - Trj/SystemRestore.A
PCTools - 8.0.0.5 - 2011.12.07 - -
Prevx - 3.0 - 2011.12.07 - -
Rising - 23.87.02.01 - 2011.12.07 - -
Sophos - 4.71.0 - 2011.12.07 - Mal/FakeAvCn-A
SUPERAntiSpyware - 4.40.0.1006 - 2011.12.07 - -
Symantec - 20111.2.0.82 - 2011.12.07 - -
TheHacker - 6.7.0.1.352 - 2011.12.01 - -
TrendMicro - 9.500.0.1008 - 2011.12.07 - -
TrendMicro-HouseCall - 9.500.0.1008 - 2011.12.07 - -
VBA32 - 3.12.16.4 - 2011.12.07 - -
VIPRE - 11215 - 2011.12.07 - -
ViRobot - 2011.12.7.4813 - 2011.12.07 - -
VirusBuster - 14.1.103.0 - 2011.12.07 - -
File info:
MD5: 2666feebc500ca7e464d54f27a5b1800
SHA1: 83c0a0fcf19bafb812d914e8bbb4e7d82b4a18b5
SHA256: 90e05240c2a08bfde44d9683b87def48d1ddd33292f22234152e8df57999193d
File size: 288 bytes
Scan date: 2011-12-07 15:57:19 (UTC)
Thanks for hanging in with me
Let's see if you can delete these manually by right clicking on the file and selecting delete, leave them in your Recycle Bin, reboot and make sure no problems, if no problems then empty your Recycle Bin
C:\ProgramData\~ai3h6NmYYVmUXfr
C:\ProgramData\~ai3h6NmYYVmUXf
C:\ProgramData\ai3h6NmYYVmUXf
Let me know how it went?
Hey no worries, thanks for all the help you have given me!
I deleted the files, re-booted and everything appears fine (poked around a little bit and tried a few applications).
Wonderful
- Click START then RUN
- Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups
- How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
- WhattheTech
- Geeks To Go
- Dslreports
Safe Surfn
Ken
Something of a problem.... The re-direct appears to have, well, re-appeared. I just googled something (actually how to find the run box in Vista) and now all links are re-directing from the google search again (and yahoo actually).
I haven’t been on the computer since my post yesterday. MSE is running and up to date so not sure what has happened....