Spybot Forums

Google results re-direct to random websites (and computer is slow)

Hi,

Sorry, when I referred to the system32 folder in my previous post I meant the system32/drivers folder. I still can't find the files. Sorry if I'm missing something obvious?
 
Sometimes programs like Combofix may have removed them but not shown it.

Let's do this.



Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.
 
Ok, I ran malwarebytes, the log file is below.

Thanks again for your assistance.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8291

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

02/12/2011 17:36:03
mbam-log-2011-12-02 (17-36-03).txt

Scan type: Quick scan
Objects scanned: 166455
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
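The one hit in the log above is a key under Internet Explorer's Low Rights\ElevationPolicy. Each GUID subkey there names a broker program (AppName/AppPath, or a CLSID) and a Policy value that tells Protected Mode how it may launch that program; Policy 3 means "launch silently at medium integrity", which is why adware registers itself there. The following PowerShell is an added example for auditing those keys, not code from the thread or from Malwarebytes; the function name Get-IeElevationPolicy, the "trusted directories" list and the flag names are this example's own choices, and it assumes an elevated PowerShell 5.1 or later prompt. It only reads the registry and checks Authenticode signatures.

```powershell
# Added example, not part of the thread: audit IE Protected Mode elevation policies.
# Policy DWORD: 0 = block, 1 = launch at low integrity, 2 = prompt (medium),
# 3 = launch silently at medium integrity (the value adware uses to escape Protected Mode).
# Read-only. Assumes PowerShell 5.1+ and an elevated prompt.
$ElevationRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
)
# Directories a legitimate broker is expected to live in (an assumption of this audit).
$TrustedDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Get-IeElevationPolicy {
    foreach ($root in $ElevationRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $v = Get-ItemProperty -Path $key.PSPath
            $binary = if ($v.AppPath -and $v.AppName) { Join-Path -Path $v.AppPath -ChildPath $v.AppName } else { $null }
            $flags = @()
            if ($v.Policy -eq 3) { $flags += 'silent-medium' }
            if (-not $v.AppName) { $flags += 'no-appname' }   # CLSID-only entries (ActiveX brokers)
            if ($binary) {
                $inTrusted = $false
                foreach ($d in $TrustedDirs) {
                    if ($binary.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
                }
                if (-not $inTrusted) { $flags += 'outside-trusted-dirs' }
                if (Test-Path -LiteralPath $binary) {
                    $sig = Get-AuthenticodeSignature -FilePath $binary
                    if ($sig.Status -ne 'Valid') { $flags += "signature:$($sig.Status)" }
                } else {
                    $flags += 'missing-binary'                 # policy left behind after a removal
                }
            }
            [pscustomobject]@{
                Root   = $root
                Guid   = $key.PSChildName
                Policy = $v.Policy
                Binary = $binary
                Clsid  = $v.CLSID
                Flags  = ($flags -join ',')
            }
        }
    }
}

# Riskiest first: Policy 3 entries with anything flagged.
Get-IeElevationPolicy |
    Sort-Object -Property Policy -Descending |
    Where-Object { $_.Flags } |
    Format-Table -AutoSize Guid, Policy, Binary, Flags
```

An entry whose binary is unsigned, lives outside Program Files or Windows, or no longer exists (the state a removal tool leaves behind) is worth a second look; a Policy 3 entry pointing at a signed Microsoft or vendor broker in Program Files is the normal case.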
 
Great,


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
     ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
     1. Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
     2. Double click on the ESET Smart Installer icon on your desktop.
  4. Check the box to accept the Terms of Use.
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check "Scan archives".
  8. Make sure that the option "Remove found threats" is Unchecked.
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push "List of found threats".
  12. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the Back button.
  14. Push Finish.
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
Good so far. Let's run this fix, and also tell me how you think your computer is behaving right now.


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\csauie1.ocx	
    
    
    
    
    
    :Commands
    [purity]
    [CLEARALLRESTOREPOINTS] 
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top (not Run Scan).
  • Let the program run unhindered, and reboot when it is done.
  • Then post the results of the log it produces
 
Hi,

I ran OTL (log at the end), on reboot I tested google search results and the random re-direct appears to have stopped!


Please let me know if there is anything else that I should do as a final check/clean up?

Thanks again.

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\csauie1.ocx moved successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sandra
->Temp folder emptied: 138328 bytes
->Temporary Internet Files folder emptied: 313589576 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 11858 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6965 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 299.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12032011_000537

Files\Folders moved on Reboot...
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ILR48TUS\1122708[1].htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ILR48TUS\if[1].htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ILR48TUS\like[1].htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ILR48TUS\trade_gothic_condensed_18-webfont[1].eot moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5AULC02\login_status[1].htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUMUAWJA\sh69[1].html moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9107NN5X\dis[1].htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9107NN5X\showthread[1].php moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YUVGIVK\hub[1].html moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KZDKEIZ\online-scanner[1].htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21TTYSMC\1122708[1].htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21TTYSMC\1122708[2].htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21TTYSMC\afrCAN1SII2.htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21TTYSMC\audience-science[1].htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21TTYSMC\tradegothicltstd-bdcn20-webfont[1].eot moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
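The fix log above shows the two outcomes a ":Files" entry can have: a plain "moved successfully", and "File move failed ... scheduled to be moved on reboot" for files that were open at the time. The PowerShell below is an added example of doing the same thing by hand, not OTL's code or anything posted in the thread: it records the file's hash and signature, moves it into a quarantine folder, and if the move fails because the file is in use it queues the rename for the next boot with MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT), which is the mechanism behind that log line. The names Move-ToQuarantine, Find-ComRegistration, Get-PendingFileRenames and the folder C:\_Quarantine are this example's own choices; it assumes an elevated PowerShell 5.1 or later prompt.

```powershell
# Added example, not part of the thread and not OTL's code: quarantine a file with the same
# fallback OTL uses when the file is locked. Assumes PowerShell 5.1+ and an elevated prompt.
Add-Type -Namespace Win32 -Name Kernel32 -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, uint dwFlags);
'@
$MOVEFILE_REPLACE_EXISTING   = 0x1
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4   # rename is done by the session manager before the file can be loaded again

function Move-ToQuarantine {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$QuarantineDir = 'C:\_Quarantine'   # arbitrary choice for this example
    )
    if (-not (Test-Path -LiteralPath $Path)) { return [pscustomobject]@{ Path = $Path; Result = 'not found' } }
    New-Item -ItemType Directory -Force -Path $QuarantineDir | Out-Null
    $dest = Join-Path $QuarantineDir ('{0}.{1:yyyyMMdd_HHmmss}.quarantined' -f (Split-Path -Leaf $Path), (Get-Date))
    # Record hash and signature before touching the file, so the sample can be looked up later.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = (Get-AuthenticodeSignature -FilePath $Path).Status
    try {
        Move-Item -LiteralPath $Path -Destination $dest -Force -ErrorAction Stop
        $result = "moved to $dest"
    } catch {
        # File in use: queue the rename for the next boot. This writes the
        # PendingFileRenameOperations value that Get-PendingFileRenames below reads.
        $ok = [Win32.Kernel32]::MoveFileEx($Path, $dest, $MOVEFILE_REPLACE_EXISTING -bor $MOVEFILE_DELAY_UNTIL_REBOOT)
        if (-not $ok) {
            $err = New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
            throw "MoveFileEx failed for ${Path}: $($err.Message)"
        }
        $result = "locked; scheduled for move on reboot to $dest"
    }
    [pscustomobject]@{ Path = $Path; SHA256 = $hash; Signature = $sig; Result = $result }
}

# A .ocx is a COM server. List the CLSIDs whose InprocServer32 points at it and unregister
# them (regsvr32 /u <path>) BEFORE moving the file; afterwards the registration points at nothing.
function Find-ComRegistration {
    param([Parameter(Mandatory = $true)][string]$FileName)
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
        $srv = Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
        if ($srv -and $srv.'(default)' -like "*$FileName*") {
            [pscustomobject]@{ CLSID = $_.PSChildName; Server = $srv.'(default)' }
        }
    }
}

# What is already queued for the next boot: pairs of (source, destination); an empty destination means delete.
function Get-PendingFileRenames {
    $sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    (Get-ItemProperty -Path $sm -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
}

# Usage, with the file name the fix above targeted:
# Find-ComRegistration -FileName 'csauie1.ocx'
# Move-ToQuarantine -Path 'C:\Windows\csauie1.ocx'
# Get-PendingFileRenames
```

Keeping the quarantined copy (rather than deleting) is deliberate: it lets you submit the sample or restore it if the move turns out to break something, which is the same reason OTL moves files into its own folder instead of deleting them.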
 
Hi,

Here is the result of the latest run of OTL...


OTL logfile created on: 06/12/2011 11:47:01 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 55.37% Memory free
3.74 Gb Paging File | 3.00 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 90.63 Gb Free Space | 62.81% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sandra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbkcoms.exe ( )


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (MpKsl85528976) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA205A38-4BE3-4F22-921D-77BD8BE72D65}\MpKsl85528976.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (GemCCID) -- C:\Windows\System32\drivers\GemCCID.sys (Gemalto)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.comhttp://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2010/11/23 15:18:28 | 000,002,037 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb2.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/30 18:31:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A4F467-8F06-4D9B-A7EC-F89D639D7B84}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/02 19:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/02 17:31:24 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes
[2011/12/02 17:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/02 17:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/02 17:31:11 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/02 17:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/30 18:50:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/30 18:49:52 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\temp
[2011/11/30 17:47:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/29 15:56:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/29 15:56:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/29 15:56:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/29 15:46:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/29 15:44:32 | 004,321,290 | R--- | C] (Swearware) -- C:\Users\Sandra\Desktop\ComboFix.exe
[2011/11/29 13:06:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/29 10:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/11/29 10:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Paint.NET
[2011/11/29 10:28:57 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\Paint
[2011/11/29 10:09:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2011/11/29 10:06:50 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\gmer
[2011/11/29 07:34:18 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2011/11/28 16:32:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/28 16:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/28 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/25 18:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/25 18:12:19 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/11/25 18:04:58 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdkiller.com
[2011/11/25 17:55:15 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/25 17:53:01 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Google
[2011/11/25 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Apps
[2011/11/25 17:52:40 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Deployment
[2008/08/31 16:23:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2008/08/31 16:23:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2008/08/31 16:23:20 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2008/08/31 16:23:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2008/08/31 16:23:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2008/08/31 16:23:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2008/08/31 16:23:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2008/08/31 16:23:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2008/08/31 16:23:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2008/08/31 16:23:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2008/08/31 16:23:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2008/08/31 16:23:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2008/08/31 16:23:18 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2008/08/31 16:23:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2008/08/31 16:23:18 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2008/05/28 11:29:13 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

========== Files - Modified Within 30 Days ==========

[2011/12/06 11:46:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{077FCF45-234B-4E35-9958-7D72FB3A0C64}.job
[2011/12/06 11:45:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/06 11:45:06 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 11:45:06 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 11:45:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/03 00:18:20 | 000,618,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/03 00:18:20 | 000,114,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/02 23:58:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000UA.job
[2011/12/02 17:58:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000Core.job
[2011/12/02 17:31:17 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:31:07 | 000,002,627 | ---- | M] () -- C:\Users\Sandra\Desktop\Microsoft Office Word 2007.lnk
[2011/11/30 18:31:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/29 15:44:32 | 004,321,290 | R--- | M] (Swearware) -- C:\Users\Sandra\Desktop\ComboFix.exe
[2011/11/29 15:25:17 | 306,734,908 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/29 10:30:53 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/11/29 10:09:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2011/11/29 07:34:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2011/11/28 16:31:43 | 000,000,922 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/28 16:31:30 | 000,000,723 | ---- | M] () -- C:\Users\Sandra\Desktop\ERUNT.lnk
[2011/11/28 15:53:41 | 000,403,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/26 03:18:50 | 000,000,384 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011/11/26 03:01:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/25 18:33:23 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/11/25 18:32:49 | 000,022,032 | ---- | M] () -- C:\Windows\DCEBoot.exe
[2011/11/25 18:16:27 | 000,000,036 | ---- | M] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2011/11/25 18:05:06 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdkiller.com
[2011/11/25 17:55:22 | 000,002,056 | ---- | M] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2011/11/25 17:55:22 | 000,002,018 | ---- | M] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/14 20:15:15 | 000,000,288 | ---- | M] () -- C:\ProgramData\~ai3h6NmYYVmUXf
[2011/11/14 20:15:15 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ai3h6NmYYVmUXfr
[2011/11/14 20:15:11 | 000,000,336 | ---- | M] () -- C:\ProgramData\ai3h6NmYYVmUXf

========== Files Created - No Company Name ==========

[2011/12/02 17:31:17 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/29 15:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/29 15:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/29 15:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/29 15:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/29 15:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/29 15:25:17 | 306,734,908 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/29 10:30:53 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/11/29 10:30:53 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/11/28 16:31:43 | 000,000,922 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/28 16:31:30 | 000,000,723 | ---- | C] () -- C:\Users\Sandra\Desktop\ERUNT.lnk
[2011/11/26 03:18:50 | 000,000,384 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2011/11/25 18:32:49 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/11/25 18:32:28 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/11/25 18:16:27 | 000,000,036 | ---- | C] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2011/11/25 18:15:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/25 18:13:06 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/25 17:55:22 | 000,002,056 | ---- | C] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2011/11/25 17:55:22 | 000,002,018 | ---- | C] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/25 17:53:03 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000UA.job
[2011/11/25 17:53:01 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000Core.job
[2011/11/14 20:15:15 | 000,000,216 | ---- | C] () -- C:\ProgramData\~ai3h6NmYYVmUXfr
[2011/11/14 20:15:14 | 000,000,288 | ---- | C] () -- C:\ProgramData\~ai3h6NmYYVmUXf
[2011/11/14 20:15:11 | 000,000,336 | ---- | C] () -- C:\ProgramData\ai3h6NmYYVmUXf
[2011/02/10 12:00:07 | 000,008,885 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/06 00:15:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/29 19:31:02 | 000,000,680 | ---- | C] () -- C:\Users\Sandra\AppData\Local\d3d9caps.dat
[2009/10/22 16:12:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 16:12:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 10:06:15 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/09/23 10:06:06 | 000,000,392 | ---- | C] () -- C:\Windows\videoimp.ini
[2009/04/10 17:19:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/12/16 20:55:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/11 08:38:24 | 000,000,031 | ---- | C] () -- C:\Windows\UKCpInfo.sys
[2008/09/02 13:16:08 | 000,019,220 | ---- | C] () -- C:\Windows\wwdslcfg.ini
[2008/09/01 10:11:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/31 16:26:29 | 000,000,359 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/08/31 16:23:20 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2008/08/31 16:23:19 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2008/08/31 12:54:02 | 000,036,864 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 03:14:01 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2008/08/29 19:50:48 | 000,001,770 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/28 11:32:14 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/05/28 11:32:14 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/05/28 11:30:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008/05/28 11:29:13 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/03/16 20:42:41 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/16 20:10:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/16 19:16:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/03/16 19:03:42 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008/03/16 19:03:42 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/02/08 01:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 16:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,403,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,618,260 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,114,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/05 20:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005/09/14 00:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005/09/14 00:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2001/12/26 22:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 05:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 22:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 04:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Acer GameZone Console
[2010/10/08 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Doctor Who
[2008/09/02 14:59:26 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\eSobi
[2011/11/25 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Loyfz
[2011/02/09 20:38:02 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Umno
[2011/12/03 00:20:00 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/06 11:46:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{077FCF45-234B-4E35-9958-7D72FB3A0C64}.job

========== Purity Check ==========



< End of report >
 
Basically your log looks ok, but just curious what these are. Run this program and let's take a look, unless you know what they are.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :dir
    C:\ProgramData\~ai3h6NmYYVmUXf
    :file
    C:\ProgramData\~ai3h6NmYYVmUXf
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
 
Hi,

No idea what those files are.... :confused:

I ran system look, here is the log result:

SystemLook 30.07.11 by jpshortstuff
Log created at 08:25 on 07/12/2011 by Sandra
Administrator - Elevation successful

========== dir ==========

C:\ProgramData\~ai3h6NmYYVmUXf - Unable to find folder.

========== file ==========

C:\ProgramData\~ai3h6NmYYVmUXf - File found and opened.
MD5: 2666FEEBC500CA7E464D54F27A5B1800
Created at 20:15 on 14/11/2011
Modified at 20:15 on 14/11/2011
Size: 288 bytes
Attributes: --a----
No version information available.

-= EOF =-
 
See if you can upload it; searching that MD5 is not showing me anything. Sometimes games will create funny-looking files like that.

You need to enable windows to show all files and folders, instructions Here

Go to VirusTotal and submit this file for analysis; just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.

C:\ProgramData\~ai3h6NmYYVmUXf

If the site is busy you can try this one
http://virusscan.jotti.org/en
 
Hi,

I uploaded the file to VirusTotal, here is the result:

Antivirus results
AhnLab-V3 - 2011.12.07.00 - 2011.12.07 - -
AntiVir - 7.11.19.14 - 2011.12.07 - -
Antiy-AVL - 2.0.3.7 - 2011.12.07 - -
Avast - 6.0.1289.0 - 2011.12.07 - -
AVG - 10.0.0.1190 - 2011.12.07 - -
BitDefender - 7.2 - 2011.12.07 - -
ByteHero - 1.0.0.1 - 2011.12.07 - -
CAT-QuickHeal - 12.00 - 2011.12.07 - -
ClamAV - 0.97.3.0 - 2011.12.07 - -
Commtouch - 5.3.2.6 - 2011.12.07 - -
Comodo - 10871 - 2011.12.07 - UnclassifiedMalware
DrWeb - 5.0.2.03300 - 2011.12.07 - -
Emsisoft - 5.1.0.11 - 2011.12.07 - -
eSafe - 7.0.17.0 - 2011.12.06 - -
eTrust-Vet - 37.0.9609 - 2011.12.07 - -
F-Prot - 4.6.5.141 - 2011.11.29 - -
F-Secure - 9.0.16440.0 - 2011.12.07 - -
Fortinet - 4.3.388.0 - 2011.12.07 - W32/FakeAvCn.A!tr
GData - 22 - 2011.12.07 - -
Ikarus - T3.1.1.109.0 - 2011.12.07 - -
Jiangmin - 13.0.900 - 2011.12.06 - -
K7AntiVirus - 9.119.5619 - 2011.12.07 - -
Kaspersky - 9.0.0.837 - 2011.12.07 - -
McAfee - 5.400.0.1158 - 2011.12.07 - FakeAlert!grb
McAfee-GW-Edition - 2010.1E - 2011.12.07 - FakeAlert!grb
Microsoft - 1.7903 - 2011.12.07 - -
NOD32 - 6691 - 2011.12.07 - -
Norman - 6.07.13 - 2011.12.07 - -
Panda - 10.0.3.5 - 2011.12.06 - Trj/SystemRestore.A
PCTools - 8.0.0.5 - 2011.12.07 - -
Prevx - 3.0 - 2011.12.07 - -
Rising - 23.87.02.01 - 2011.12.07 - -
Sophos - 4.71.0 - 2011.12.07 - Mal/FakeAvCn-A
SUPERAntiSpyware - 4.40.0.1006 - 2011.12.07 - -
Symantec - 20111.2.0.82 - 2011.12.07 - -
TheHacker - 6.7.0.1.352 - 2011.12.01 - -
TrendMicro - 9.500.0.1008 - 2011.12.07 - -
TrendMicro-HouseCall - 9.500.0.1008 - 2011.12.07 - -
VBA32 - 3.12.16.4 - 2011.12.07 - -
VIPRE - 11215 - 2011.12.07 - -
ViRobot - 2011.12.7.4813 - 2011.12.07 - -
VirusBuster - 14.1.103.0 - 2011.12.07 - -
File info:
MD5: 2666feebc500ca7e464d54f27a5b1800
SHA1: 83c0a0fcf19bafb812d914e8bbb4e7d82b4a18b5
SHA256: 90e05240c2a08bfde44d9683b87def48d1ddd33292f22234152e8df57999193d
File size: 288 bytes
Scan date: 2011-12-07 15:57:19 (UTC)
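As an added example (not code from this thread or from VirusTotal), a small Python helper that parses the plain-text VirusTotal result format pasted above, computes the detection ratio, and cross-checks the reported MD5 and size against what SystemLook printed for the file on disk. The embedded excerpt is eight of the 42 engine lines copied from the post (so its ratio is 5/8, not the full 6/42), and the SystemLook values are the ones from the earlier log.

```python
import re

# Excerpt of the VirusTotal plain-text result posted above (8 of the 42 engine lines).
VT_RESULT = """\
Antivirus results
Avast - 6.0.1289.0 - 2011.12.07 - -
Comodo - 10871 - 2011.12.07 - UnclassifiedMalware
Fortinet - 4.3.388.0 - 2011.12.07 - W32/FakeAvCn.A!tr
Kaspersky - 9.0.0.837 - 2011.12.07 - -
McAfee - 5.400.0.1158 - 2011.12.07 - FakeAlert!grb
Microsoft - 1.7903 - 2011.12.07 - -
Panda - 10.0.3.5 - 2011.12.06 - Trj/SystemRestore.A
Sophos - 4.71.0 - 2011.12.07 - Mal/FakeAvCn-A
File info:
MD5: 2666feebc500ca7e464d54f27a5b1800
SHA1: 83c0a0fcf19bafb812d914e8bbb4e7d82b4a18b5
File size: 288 bytes
"""

# What SystemLook reported for C:\ProgramData\~ai3h6NmYYVmUXf in the log above.
SYSTEMLOOK_MD5 = "2666FEEBC500CA7E464D54F27A5B1800"
SYSTEMLOOK_SIZE = 288

DATE_RE = re.compile(r"\d{4}\.\d{2}\.\d{2}")


def parse_vt_report(text):
    """Split the report into per-engine verdicts (None = clean) and the File info fields."""
    verdicts, info = {}, {}
    for line in text.splitlines():
        parts = line.split(" - ", 3)          # engine names may contain '-', but never ' - '
        if len(parts) == 4 and DATE_RE.fullmatch(parts[2]):
            engine, _version, _date, result = parts
            verdicts[engine] = None if result == "-" else result
        elif ":" in line and not line.endswith(":"):
            key, value = line.split(":", 1)   # e.g. "MD5: ..." / "File size: 288 bytes"
            info[key.strip()] = value.strip()
    return {"verdicts": verdicts, "info": info}


def detection_summary(report):
    """Detection ratio plus the labels of the engines that flagged the file."""
    labels = {e: r for e, r in report["verdicts"].items() if r}
    return {"detected": len(labels), "total": len(report["verdicts"]), "labels": labels}


def sample_matches_disk(report, disk_md5, disk_size):
    """Confirm the scanned file is the one seen on disk; hex case differs between tools."""
    info = report["info"]
    md5_ok = info.get("MD5", "").lower() == disk_md5.lower()
    size_ok = int(info.get("File size", "0").split()[0]) == disk_size
    return md5_ok and size_ok
```

A low ratio is not a clean bill of health: here several engines independently name the same FakeAV/FakeAlert family, which is the signal the helper acts on in the next post.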
 
Thanks for hanging in with me :bigthumb:

Let's see if you can delete these manually by right-clicking on the file and selecting Delete. Leave them in your Recycle Bin, reboot and make sure there are no problems; if no problems, then empty your Recycle Bin.

C:\ProgramData\~ai3h6NmYYVmUXfr
C:\ProgramData\~ai3h6NmYYVmUXf
C:\ProgramData\ai3h6NmYYVmUXf

Let me know how it went?
 
Hey no worries, thanks for all the help you have given me!

I deleted the files, re-booted and everything appears fine (poked around a little bit and tried a few applications).
 
Wonderful :bigthumb:

  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /; it needs to be there.


    CF-Uninstall.png



Open OTL and click on Clean Up, and it will remove the programs we used to clean your system along with their backups.




Safe Surfn
Ken
 
Something of a problem.... The re-direct appears to have, well, re-appeared. I just Googled something (actually how to find the run box in Vista) and now all links are re-directing from the Google search again (and Yahoo actually).

I haven't been on the computer since my post yesterday. MSE is running and up to date, so I'm not sure what has happened.... :sad:
 