WiredWX Hobby Weather Tools

mbam log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

4/30/2010 7:08:11 AM
mbam-log-2010-04-30 (07-08-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 164777
Time elapsed: 44 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.PWS) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\directory\CyberGate (Trojan.PWS) -> Quarantined and deleted successfully.
C:\directory\CyberGate\install (Trojan.PWS) -> Quarantined and deleted successfully.

Files Infected:
C:\directory\CyberGate\install\server.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Users\beau\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\beau\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\beau\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.

Re: mbam log

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: mbam log

OTL by OldTimer - Version 3.2.3.1 Folder = C:\Users\beau\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 125.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.16 Gb Total Space | 20.85 Gb Free Space | 56.12% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 71.47 Mb Free Space | 71.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 1.61 Gb Free Space | 21.55% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEAU-PC
Current User Name: beau
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/30 16:38:23 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\beau\Downloads\OTL.exe
PRC - [2010/01/26 17:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/04/11 06:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 19:21:41 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (SafeList) ==========

MOD - [2010/04/30 16:38:23 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\beau\Downloads\OTL.exe
MOD - [2009/04/11 06:19:13 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/01/20 19:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2009/04/11 06:18:59 | 000,069,096 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 19:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:21:27 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/20 19:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/22 12:06:08 | 000,893,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:49 | 000,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 00:30:52 | 000,030,720 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 DA 61 01 2C E8 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/30 15:18:16 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Roaming\Macromedia
[2010/04/30 15:18:05 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Roaming\Adobe
[2010/04/30 15:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/04/30 15:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/04/30 15:16:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/04/30 06:00:08 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Roaming\Malwarebytes
[2010/04/30 05:59:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/30 05:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/30 05:59:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/30 05:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/30 05:13:15 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Local\Microsoft Games
[2010/04/30 02:40:45 | 000,000,000 | ---D | C] -- C:\iSofterOutput
[2010/04/30 02:27:22 | 000,716,800 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2010/04/30 02:27:22 | 000,593,920 | ---- | C] (DivXNetworks) -- C:\Windows\System32\dpuGUI11.dll
[2010/04/30 02:27:22 | 000,577,536 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\System32\divxdec.ax
[2010/04/30 02:27:22 | 000,574,976 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2010/04/30 02:27:22 | 000,294,912 | ---- | C] (DivXNetworks) -- C:\Windows\System32\dpu11.dll
[2010/04/30 02:27:22 | 000,200,704 | ---- | C] (DivXNetworks) -- C:\Windows\System32\dtu100.dll
[2010/04/30 02:27:22 | 000,086,016 | ---- | C] (DivXNetworks) -- C:\Windows\System32\dpl100.dll
[2010/04/30 02:27:22 | 000,057,344 | ---- | C] (DivXNetworks) -- C:\Windows\System32\dpv11.dll
[2010/04/30 02:27:21 | 001,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libdivx.dll
[2010/04/30 02:27:21 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\ssldivx.dll
[2010/04/30 02:27:21 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\System32\wnaspi32.dll
[2010/04/30 02:27:21 | 000,016,512 | ---- | C] (Adaptec) -- C:\Windows\System32\drivers\aspi32.sys
[2010/04/30 02:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\iSofter
[2010/04/30 02:08:54 | 000,000,000 | ---D | C] -- C:\Users\beau\VIDEO_TS
[2010/04/30 00:05:14 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010/04/30 00:04:37 | 000,893,440 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athrusb.sys
[2010/04/30 00:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\EnGenius
[2010/04/30 00:04:35 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/30 00:04:04 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Roaming\InstallShield
[2010/04/29 23:41:56 | 000,000,000 | ---D | C] -- C:\Users\beau\Documents\ConvertXtoDVD
[2010/04/29 23:35:53 | 000,000,000 | R--D | C] -- C:\Users\beau\Searches
[2010/04/29 23:35:39 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Roaming\Identities
[2010/04/29 23:35:36 | 000,000,000 | R--D | C] -- C:\Users\beau\Contacts
[2010/04/29 23:35:34 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Local\VirtualStore
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\AppData\Local\Temporary Internet Files
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\Templates
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\Start Menu
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\SendTo
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\Recent
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\PrintHood
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\NetHood
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\Documents\My Videos
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\Documents\My Pictures
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\Documents\My Music
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\My Documents
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\Local Settings
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\AppData\Local\History
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\Cookies
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\Application Data
[2010/04/29 23:35:21 | 000,000,000 | -HSD | C] -- C:\Users\beau\AppData\Local\Application Data
[2010/04/29 23:35:19 | 000,000,000 | --SD | C] -- C:\Users\beau\AppData\Roaming\Microsoft
[2010/04/29 23:35:19 | 000,000,000 | R--D | C] -- C:\Users\beau\Videos
[2010/04/29 23:35:19 | 000,000,000 | R--D | C] -- C:\Users\beau\Saved Games
[2010/04/29 23:35:19 | 000,000,000 | R--D | C] -- C:\Users\beau\Pictures
[2010/04/29 23:35:19 | 000,000,000 | R--D | C] -- C:\Users\beau\Music
[2010/04/29 23:35:19 | 000,000,000 | R--D | C] -- C:\Users\beau\Links
[2010/04/29 23:35:19 | 000,000,000 | R--D | C] -- C:\Users\beau\Favorites
[2010/04/29 23:35:19 | 000,000,000 | R--D | C] -- C:\Users\beau\Downloads
[2010/04/29 23:35:19 | 000,000,000 | R--D | C] -- C:\Users\beau\Documents
[2010/04/29 23:35:19 | 000,000,000 | R--D | C] -- C:\Users\beau\Desktop
[2010/04/29 23:35:19 | 000,000,000 | -H-D | C] -- C:\Users\beau\AppData
[2010/04/29 23:35:19 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Local\Temp
[2010/04/29 23:35:19 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Local\Microsoft
[2010/04/29 23:35:19 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Roaming\Media Center Programs
[2010/04/29 23:34:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\beau\AppData\Roaming\pcouffin.sys
[2010/04/29 23:34:46 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Roaming\Vso
[2010/04/29 23:34:46 | 000,000,000 | ---D | C] -- C:\Users\beau\Documents\PcSetup
[2010/04/29 23:30:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/04/29 23:30:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/04/29 23:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/04/29 23:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/04/29 23:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/04/29 23:30:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2010/04/29 23:30:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/04/29 23:30:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/04/29 23:30:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/04/29 23:30:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/04/29 23:24:11 | 000,000,000 | ---D | C] -- C:\directory
[2010/04/29 23:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/29 23:23:08 | 000,000,000 | ---D | C] -- C:\Users\beau\AppData\Roaming\WinRAR
[2010/04/29 22:58:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/04/29 22:56:34 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010/04/29 07:09:59 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2010/04/30 16:45:32 | 000,786,432 | -HS- | M] () -- C:\Users\beau\NTUSER.DAT
[2010/04/30 16:35:15 | 000,016,896 | ---- | M] () -- C:\Users\beau\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 14:56:32 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/30 14:56:32 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/30 14:56:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/30 07:22:24 | 000,000,250 | ---- | M] () -- C:\Users\beau\AppData\Roaming\logs.dat
[2010/04/30 07:12:06 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\llmkoeq.sys
[2010/04/30 05:59:55 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 05:27:06 | 000,087,608 | ---- | M] () -- C:\Users\beau\AppData\Roaming\inst.exe
[2010/04/30 05:27:06 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\beau\AppData\Roaming\pcouffin.sys
[2010/04/30 05:27:06 | 000,007,887 | ---- | M] () -- C:\Users\beau\AppData\Roaming\pcouffin.cat
[2010/04/30 05:27:06 | 000,001,144 | ---- | M] () -- C:\Users\beau\AppData\Roaming\pcouffin.inf
[2010/04/30 04:16:17 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/30 04:16:17 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/30 04:16:17 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/30 04:07:05 | 000,000,000 | ---- | M] () -- C:\statistics.xml
[2010/04/30 02:07:06 | 000,000,671 | ---- | M] () -- C:\Users\beau\AppData\Roaming\vso_ts_preview.xml
[2010/04/30 00:03:03 | 000,000,949 | ---- | M] () -- C:\Users\beau\Desktop\Internet Explorer.lnk
[2010/04/29 23:41:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/04/29 23:40:14 | 000,048,600 | ---- | M] () -- C:\Users\beau\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/29 23:39:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/29 23:38:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\atiicdxx.dat
[2010/04/29 23:38:20 | 536,272,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/29 23:37:04 | 000,524,288 | -HS- | M] () -- C:\Users\beau\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010/04/29 23:37:04 | 000,524,288 | -HS- | M] () -- C:\Users\beau\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 23:37:04 | 000,065,536 | -HS- | M] () -- C:\Users\beau\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/04/29 23:37:03 | 001,063,509 | -H-- | M] () -- C:\Users\beau\AppData\Local\IconCache.db
[2010/04/29 23:36:40 | 000,000,680 | ---- | M] () -- C:\Users\beau\AppData\Local\d3d9caps.dat
[2010/04/29 23:35:21 | 000,000,020 | -HS- | M] () -- C:\Users\beau\ntuser.ini
[2010/04/29 23:02:06 | 000,048,745 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/04/29 22:55:57 | 000,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/04/30 07:15:25 | 000,000,250 | ---- | C] () -- C:\Users\beau\AppData\Roaming\logs.dat
[2010/04/30 07:12:06 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\llmkoeq.sys
[2010/04/30 05:59:55 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 02:40:48 | 000,000,000 | ---- | C] () -- C:\statistics.xml
[2010/04/30 02:27:22 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/04/30 02:27:22 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/30 02:27:22 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2010/04/30 02:27:21 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/04/30 00:03:03 | 000,000,949 | ---- | C] () -- C:\Users\beau\Desktop\Internet Explorer.lnk
[2010/04/29 23:41:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/04/29 23:41:38 | 000,016,896 | ---- | C] () -- C:\Users\beau\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 23:38:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/04/29 23:38:20 | 536,272,896 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/29 23:38:04 | 000,000,671 | ---- | C] () -- C:\Users\beau\AppData\Roaming\vso_ts_preview.xml
[2010/04/29 23:36:06 | 000,000,033 | ---- | C] () -- C:\Users\beau\AppData\Roaming\pcouffin.log
[2010/04/29 23:35:27 | 000,000,680 | ---- | C] () -- C:\Users\beau\AppData\Local\d3d9caps.dat
[2010/04/29 23:35:21 | 000,524,288 | -HS- | C] () -- C:\Users\beau\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010/04/29 23:35:21 | 000,524,288 | -HS- | C] () -- C:\Users\beau\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 23:35:21 | 000,000,020 | -HS- | C] () -- C:\Users\beau\ntuser.ini
[2010/04/29 23:35:20 | 000,262,144 | -H-- | C] () -- C:\Users\beau\ntuser.dat.LOG1
[2010/04/29 23:35:20 | 000,065,536 | -HS- | C] () -- C:\Users\beau\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/04/29 23:35:20 | 000,000,000 | -H-- | C] () -- C:\Users\beau\ntuser.dat.LOG2
[2010/04/29 23:35:19 | 000,786,432 | -HS- | C] () -- C:\Users\beau\NTUSER.DAT
[2010/04/29 23:34:46 | 000,087,608 | ---- | C] () -- C:\Users\beau\AppData\Roaming\inst.exe
[2010/04/29 23:34:46 | 000,007,887 | ---- | C] () -- C:\Users\beau\AppData\Roaming\pcouffin.cat
[2010/04/29 23:34:46 | 000,001,144 | ---- | C] () -- C:\Users\beau\AppData\Roaming\pcouffin.inf
[2009/04/11 06:19:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/01/20 19:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

Re: mbam log

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2010/04/30 07:12:06 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\llmkoeq.sys
    [2010/04/30 05:27:06 | 000,087,608 | ---- | M] () -- C:\Users\beau\AppData\Roaming\inst.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

OTL fix log

========== OTL ==========
File C:\Windows\System32\drivers\llmkoeq.sys not found.
C:\Users\beau\AppData\Roaming\inst.exe moved successfully.

OTL by OldTimer - Version 3.2.3.1 log created on 04302010_213533

Please keep all of your posts in this topic. Do not start a new topic. Thanks! ~DragonMaster Jay

Re: mbam log


  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

[screenshot: CF_download_FF]

[screenshot: 2aflf5z]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

Re: mbam log

ComboFix 10-05-01.04 - beau 05/01/2010 23:52:08.2.1 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.511.177 [GMT -7:00]
Running from: c:\users\beau\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 06:58 . 2010-05-02 06:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-02 04:29 . 2010-05-02 04:29 -------- d-----w- c:\users\beau\AppData\Roaming\AdobeUM
2010-05-02 04:28 . 2010-05-02 04:29 -------- d-----w- c:\users\beau\AppData\Local\Adobe
2010-05-02 04:26 . 2010-05-02 04:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-01 04:35 . 2010-05-01 04:35 -------- d-----w- C:\_OTL
2010-04-30 22:16 . 2010-04-30 22:16 -------- d-----w- c:\windows\system32\Macromed
2010-04-30 13:00 . 2010-04-30 13:00 -------- d-----w- c:\users\beau\AppData\Roaming\Malwarebytes
2010-04-30 12:59 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-30 12:59 . 2010-04-30 12:59 -------- d-----w- c:\programdata\Malwarebytes
2010-04-30 12:59 . 2010-04-30 14:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 12:59 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-30 12:13 . 2010-04-30 12:23 -------- d-----w- c:\users\beau\AppData\Local\Microsoft Games
2010-04-30 09:40 . 2010-04-30 11:07 -------- d-----w- C:\iSofterOutput
2010-04-30 09:08 . 2010-04-30 09:11 -------- d-----w- c:\users\beau\VIDEO_TS
2010-04-30 07:04 . 2007-11-22 19:06 893440 ----a-w- c:\windows\system32\drivers\athrusb.sys
2010-04-30 07:04 . 2010-04-30 07:04 -------- d-----w- c:\program files\EnGenius
2010-04-30 07:04 . 2010-04-30 07:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 07:04 . 2010-04-30 07:04 -------- d-----w- c:\users\beau\AppData\Roaming\InstallShield
2010-04-30 06:38 . 2010-04-30 06:38 0 ----a-w- c:\windows\system32\atiicdxx.dat
2010-04-30 06:36 . 2010-04-30 06:40 48600 ----a-w- c:\users\beau\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-30 06:34 . 2010-04-30 12:27 -------- d-----w- c:\users\beau\AppData\Roaming\Vso
2010-04-30 06:34 . 2010-04-30 12:27 47360 ----a-w- c:\users\beau\AppData\Roaming\pcouffin.sys
2010-04-30 06:34 . 2010-04-30 06:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-04-30 06:24 . 2010-04-30 14:08 -------- d-----w- C:\directory
2010-04-29 14:09 . 2010-04-29 14:09 -------- d-----w- C:\Recovery

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 12:26 . 2010-04-30 09:27 -------- d-----w- c:\program files\iSofter
2010-04-30 06:41 . 2010-04-30 06:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-04-30 06:36 . 2010-04-30 06:35 680 ----a-w- c:\users\beau\AppData\Local\d3d9caps.dat
2010-04-30 06:30 . 2010-04-30 06:30 -------- d-sh--we c:\programdata\Templates
2010-04-30 06:30 . 2010-04-30 06:30 -------- d-sh--we c:\programdata\Start Menu
2010-04-30 06:30 . 2010-04-30 06:30 -------- d-sh--we c:\programdata\Favorites
2010-04-30 06:30 . 2010-04-30 06:30 -------- d-sh--we c:\programdata\Documents
2010-04-30 06:30 . 2010-04-30 06:30 -------- d-sh--we c:\programdata\Desktop
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):18,aa,f7,f7,a9,ba,c9,01

R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2007-11-22 893440]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 23:59
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-05-02 00:02:14
ComboFix-quarantined-files.txt 2010-05-02 07:02

Pre-Run: 21,304,819,712 bytes free
Post-Run: 21,262,524,416 bytes free

- - End Of File - - 1F7E0663D2BE50539600E58583C24CF4

Re: mbam log
You aren't running antivirus software.

Please install Avira antivirus, otherwise you won't be protected.

1) Antivir PersonalEditionClassic
- Free anti-virus software for Windows.
- Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: mbam log
Thanx, you guys or girls are the shit

Re: mbam log
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer, as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) the Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
