
Thread: Need help with Malware Infection

  1. #1
    FPCH New Member | Join Date: Feb 2012 | Location: Coronado, CA | Posts: 7
    PC Experience: Beginner
    Operating System: Windows Vista - Home Basic


    Hi, my computer was completely taken over, so I went to the malware location of "Internet Security" (a fake program trying to get me to buy their removal service) and renamed the file to Virus. This allowed me to get internet; Microsoft Security Essentials didn't find anything. I am having problems with this computer, my laptop, and I am also having similar problems with my desktop computer. I will start a separate thread for the desktop. Here are the following logs for the laptop (Acer, AMD Athlon(tm) Processor TF-20, running Vista Home Basic):


    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.13.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    Michelle_2 :: SILVERIA [administrator]

    Protection: Enabled

    2/12/2012 11:22:16 PM
    mbam-log-2012-02-12 (23-22-16).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 327858
    Time elapsed: 2 hour(s), 8 minute(s), 58 second(s)

    Memory Processes Detected: 1
    C:\Users\Michelle_2\AppData\Local\dplaysvr.exe (Trojan.FakeAlert) -> 3932 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |dplaysvr (Trojan.FakeAlert) -> Data: C:\Users\Michelle_2\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 10
    C:\Users\Michelle_2\AppData\Local\dplaysvr.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\Users\Michelle_2\AppData\Local\Temp\~!#2BD6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Michelle_2\AppData\Local\Temp\~!#3633.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Users\Michelle_2\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Users\Michelle_2\AppData\Local\Temp\D030.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Michelle_2\AppData\Local\Temp\D7FE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Michelle_2\AppData\Roaming\virus.exe (Rogue.InternetSecurity) -> Quarantined and deleted successfully.
    C:\Users\Michelle_2\Downloads\frzfonts_1335(1).exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
    C:\Users\Michelle_2\Downloads\frzfonts_1335.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
    C:\Users\Michelle_2\AppData\Local\Temp\yr0.8503440826112978.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.

    (end)

    Attachments: Extras.Txt, OTL.Txt



    Thank you so much for your help!

    OTL logfile created on: 2/13/2012 1:49:18 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michelle_2\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.34% Memory free
    3.74 Gb Paging File | 2.56 Gb Available in Paging File | 68.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.04 Gb Total Space | 28.31 Gb Free Space | 20.36% Space Free | Partition Type: NTFS

    Computer Name: SILVERIA | User Name: Michelle_2 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Michelle_2\Desktop\OTL.scr (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Users\Michelle_2\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Users\Michelle_2\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Users\michelle\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    PRC - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
    PRC - C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated)
    PRC - C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe (Acer)
    PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    PRC - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
    PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
    PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\27b0a88bfa56a9390f516b0fa55f3dcb\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5b0159d1e1269d2da867b576bd6359d5\Accessibility.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
    MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3266.29383__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3266.29459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3266.29368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3266.29384__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3266.29438__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3266.29418__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3266.29380__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3266.29405__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3266.29375__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3266.29424__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3266.29459__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3266.29460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3266.29424__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3266.29374__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3266.29423__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3266.29458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3266.29408__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3266.29376__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3266.29385__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3266.29406__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3266.29433__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3266.29417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3266.29388__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3266.29385__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3266.29416__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3266.29407__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3266.29406__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3266.29388__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3266.29407__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3266.29415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3266.29417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3266.29372__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3266.29447__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3266.29379__90ba9c70f846762e\CLI.Component.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3266.29453__90ba9c70f846762e\MOM.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3266.29366__90ba9c70f846762e\CLI.Component.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3266.29451__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3266.29368__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3266.29468__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3266.29452__90ba9c70f846762e\CCC.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
    MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3266.29476__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3266.29366__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3266.29367__90ba9c70f846762e\ATIDEMOS.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3266.29365__90ba9c70f846762e\APM.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3266.29366__90ba9c70f846762e\AEM.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
    MOD - C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
    MOD - C:\Windows\System32\atitmmxx.dll ()
    MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (MBAMService) -- C:\Users\Michelle_2\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
    SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
    DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
    DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (Advanced Micro Devices, Inc)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
    DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
    DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
    DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5516
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5516

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5516
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "chrome://foxtab/content/homepage.html"
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/11 13:31:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/12/16 07:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle_2\AppData\Roaming\mozilla\Extensions
    [2012/02/13 01:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle_2\AppData\Roaming\mozilla\Firefox\Profiles\ydo3lbti.default\extensions
    [2012/02/10 16:29:29 | 000,000,000 | ---D | M] (Surfmark Toolbar) -- C:\Users\Michelle_2\AppData\Roaming\mozilla\Firefox\Profiles\ydo3lbti.default\extensions\{50A39F1D-492E-4e5f-AE19-16EFD425A25B}
    [2012/01/25 16:39:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Michelle_2\AppData\Roaming\mozilla\Firefox\Profiles\ydo3lbti.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/02/07 19:33:45 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Michelle_2\AppData\Roaming\mozilla\Firefox\Profiles\ydo3lbti.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2012/02/13 01:44:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Michelle_2\AppData\Roaming\mozilla\Firefox\Profiles\ydo3lbti.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/01/07 14:28:24 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Michelle_2\AppData\Roaming\mozilla\Firefox\Profiles\ydo3lbti.default\extensions\screencaptureelite@plugin
    [2012/02/07 12:21:38 | 000,000,000 | ---D | M] (Wappalyzer) -- C:\Users\Michelle_2\AppData\Roaming\mozilla\Firefox\Profiles\ydo3lbti.default\extensions\wappalyzer@crunchlabz.com
    [2012/02/11 13:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\MICHELLE_2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YDO3LBTI.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    () (No name found) -- C:\USERS\MICHELLE_2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YDO3LBTI.DEFAULT\EXTENSIONS\{9CDB2440-CD50-11E0-9572-0800200C9A66}.XPI
    () (No name found) -- C:\USERS\MICHELLE_2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YDO3LBTI.DEFAULT\EXTENSIONS\{C0CB8BA3-6C1B-47E8-A6AB-1FAB889562D9}.XPI
    () (No name found) -- C:\USERS\MICHELLE_2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YDO3LBTI.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
    () (No name found) -- C:\USERS\MICHELLE_2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YDO3LBTI.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
    () (No name found) -- C:\USERS\MICHELLE_2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YDO3LBTI.DEFAULT\EXTENSIONS\CLEARCACHE@MICHEL.DE.ALMEIDA.XPI
    () (No name found) -- C:\USERS\MICHELLE_2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YDO3LBTI.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
    () (No name found) -- C:\USERS\MICHELLE_2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YDO3LBTI.DEFAULT\EXTENSIONS\SEO@PROFESIONAL.XPI
    () (No name found) -- C:\USERS\MICHELLE_2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YDO3LBTI.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
    [2012/02/11 13:31:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/11 13:31:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/11 13:31:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
    O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Users\Michelle_2\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
    O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Internet Security] C:\Users\Michelle_2\AppData\Roaming\isecurity.exe File not found
    O4 - Startup: C:\Users\Michelle_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AFED7CD-4FA4-490D-8316-57219ECEAB06}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DE14136-7990-402F-AFE1-F2FEC4AF155A}: DhcpNameServer = 68.105.28.17 68.105.29.17
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/12 23:23:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michelle_2\Desktop\OTL.scr
    [2012/02/12 23:20:28 | 000,000,000 | ---D | C] -- C:\Users\Michelle_2\AppData\Roaming\Malwarebytes
    [2012/02/12 23:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/12 23:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/12 23:19:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/12 23:19:46 | 000,000,000 | ---D | C] -- C:\Users\Michelle_2\Desktop\Malwarebytes' Anti-Malware
    [2012/02/12 21:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/02/12 21:22:25 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2012/02/12 20:08:43 | 000,000,000 | ---D | C] -- C:\Users\Michelle_2\AppData\Local\MigWiz
    [2012/02/12 19:55:49 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
    [2012/02/12 12:26:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2012/02/12 12:26:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2012/02/12 12:26:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2012/02/12 08:35:48 | 000,000,000 | ---D | C] -- C:\worm
    [2012/02/06 12:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    [2012/02/06 12:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2012/02/06 12:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2012/02/06 12:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2012/02/06 12:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2012/02/06 12:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2012/02/06 12:34:10 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
    [2012/02/06 12:31:36 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2012/01/21 15:46:56 | 000,000,000 | ---D | C] -- C:\Users\Michelle_2\AppData\Roaming\com.springbox.mobilizer
    [2012/01/21 15:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mobilizer
    [2012/01/19 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\Michelle_2\Documents\downloaded images
    [2012/01/15 13:04:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/01/14 16:25:47 | 000,000,000 | ---D | C] -- C:\Users\Michelle_2\AppData\Roaming\OpenOffice.org
    [2012/01/14 16:19:46 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
    [2012/01/14 16:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
    [2012/01/14 16:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/01/14 16:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/01/14 16:12:44 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2012/01/14 16:12:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2012/01/14 16:12:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2012/01/14 16:12:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2012/01/14 16:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/01/14 16:04:08 | 000,000,000 | ---D | C] -- C:\Users\Michelle_2\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
    [2009/04/18 17:56:57 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/02/13 01:43:16 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/13 01:43:16 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/13 01:37:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/13 01:37:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/13 01:37:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/13 01:36:45 | 1877,065,728 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/12 23:24:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle_2\Desktop\OTL.scr
    [2012/02/12 23:20:09 | 000,000,726 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/12 21:25:09 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/12 14:14:47 | 000,000,947 | ---- | M] () -- C:\Users\Michelle_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/02/12 12:32:52 | 003,760,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/12 08:04:53 | 000,000,698 | ---- | M] () -- C:\Users\Michelle_2\Desktop\Internet Security.lnk
    [2012/02/12 06:55:49 | 000,060,408 | -HS- | M] () -- C:\Users\Michelle_2\AppData\Local\dplayx.dll
    [2012/02/06 22:53:37 | 000,054,272 | ---- | M] () -- C:\Users\Michelle_2\Documents\welding curriculum.wps
    [2012/02/06 22:53:37 | 000,000,898 | ---- | M] () -- C:\Users\Michelle_2\AppData\Roaming\wklnhst.dat
    [2012/02/03 20:03:08 | 000,007,268 | ---- | M] () -- C:\Users\Michelle_2\AppData\Local\d3d9caps.dat
    [2012/01/31 04:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2012/01/21 15:46:52 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\Mobilizer.lnk
    [2012/01/20 05:59:24 | 000,001,456 | ---- | M] () -- C:\Users\Michelle_2\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2012/01/15 22:10:13 | 000,038,362 | ---- | M] () -- C:\Users\Michelle_2\Desktop\contacts_hernan.csv
    [2012/01/15 14:26:26 | 000,040,433 | ---- | M] () -- C:\Users\Michelle_2\Desktop\contacts.csv
    [2012/01/14 16:26:13 | 000,001,032 | ---- | M] () -- C:\Users\Michelle_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    [2012/01/14 16:19:48 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    [2012/01/14 16:12:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2012/01/14 16:12:16 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2012/01/14 16:12:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2012/01/14 16:12:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

    ========== Files Created - No Company Name ==========

    [2012/02/12 23:20:09 | 000,000,726 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/12 21:25:09 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/02/12 21:23:54 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/02/12 20:06:02 | 1877,065,728 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/12 08:04:53 | 000,000,698 | ---- | C] () -- C:\Users\Michelle_2\Desktop\Internet Security.lnk
    [2012/02/12 08:04:42 | 000,060,408 | -HS- | C] () -- C:\Users\Michelle_2\AppData\Local\dplayx.dll
    [2012/02/06 22:53:37 | 000,054,272 | ---- | C] () -- C:\Users\Michelle_2\Documents\welding curriculum.wps
    [2012/01/21 15:46:52 | 000,000,778 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobilizer.lnk
    [2012/01/21 15:46:52 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\Mobilizer.lnk
    [2012/01/20 00:18:32 | 000,001,456 | ---- | C] () -- C:\Users\Michelle_2\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2012/01/15 15:32:38 | 000,038,362 | ---- | C] () -- C:\Users\Michelle_2\Desktop\contacts_hernan.csv
    [2012/01/15 14:26:24 | 000,040,433 | ---- | C] () -- C:\Users\Michelle_2\Desktop\contacts.csv
    [2012/01/14 16:26:13 | 000,001,032 | ---- | C] () -- C:\Users\Michelle_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    [2012/01/14 16:19:48 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    [2012/01/13 11:39:51 | 000,000,132 | ---- | C] () -- C:\Users\Michelle_2\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/30 18:47:13 | 000,007,268 | ---- | C] () -- C:\Users\Michelle_2\AppData\Local\d3d9caps.dat
    [2011/11/26 09:18:10 | 000,000,898 | ---- | C] () -- C:\Users\Michelle_2\AppData\Roaming\wklnhst.dat
    [2011/11/25 22:24:07 | 000,007,168 | ---- | C] () -- C:\Users\Michelle_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/16 21:48:15 | 000,127,176 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2009/09/08 11:19:33 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
    [2009/08/27 09:21:13 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
    [2009/08/26 12:24:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/08/18 17:26:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/18 17:26:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 12:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 12:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/06/06 13:57:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/04/18 18:50:07 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
    [2009/04/18 18:50:07 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
    [2009/04/18 18:50:07 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2009/04/18 18:50:07 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2009/04/18 17:54:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2009/04/18 17:54:36 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2009/04/18 17:54:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2009/04/18 17:41:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2006/11/02 04:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 04:44:53 | 003,760,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 02:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 02:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/10/24 18:49:10 | 000,000,000 | ---D | M] -- C:\Users\Michelle_2\AppData\Roaming\Acer
    [2009/06/06 14:02:56 | 000,000,000 | ---D | M] -- C:\Users\Michelle_2\AppData\Roaming\Acer GameZone Console
    [2012/01/10 20:23:55 | 000,000,000 | ---D | M] -- C:\Users\Michelle_2\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/01/21 15:46:56 | 000,000,000 | ---D | M] -- C:\Users\Michelle_2\AppData\Roaming\com.springbox.mobilizer
    [2011/10/24 18:49:02 | 000,000,000 | ---D | M] -- C:\Users\Michelle_2\AppData\Roaming\Leadertech
    [2012/01/14 16:25:47 | 000,000,000 | ---D | M] -- C:\Users\Michelle_2\AppData\Roaming\OpenOffice.org
    [2011/11/26 09:18:16 | 000,000,000 | ---D | M] -- C:\Users\Michelle_2\AppData\Roaming\Template
    [2012/02/13 01:35:43 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/04/18 17:57:39 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/02/13 01:36:45 | 1877,065,728 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/26 15:48:06 | 003,937,692 | ---- | M] () -- C:\ituneslib.itl
    [2012/02/13 01:36:43 | 2190,868,480 | -HS- | M] () -- C:\pagefile.sys
    [2009/04/18 18:50:54 | 000,001,666 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
    [2007/04/09 09:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 19:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 19:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 19:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\* >
    [2008/01/20 18:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/11 13:31:55 | 000,834,840 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/11 13:31:55 | 000,834,840 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/11 13:31:55 | 000,834,840 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/11 13:31:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/11 13:31:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/11 13:31:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 18:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 18:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 18:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/10 22:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/11 13:31:55 | 000,834,840 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/11 13:31:55 | 000,834,840 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/11 13:31:55 | 000,834,840 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/11 13:31:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/11 13:31:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/11 13:31:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 18:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 18:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 18:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/10 22:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C77DCC63
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:9E22BBE8


    < End of report >
    Last edited by etavares; 13-02-2012 at 12:47 PM. Reason: post OTL log
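
Reading the O4, O20 and alternate-data-stream lines of the log above is mostly a triage exercise: which autoruns point at files that no longer exist (the renamed "Internet Security" payload has left an orphaned HKCU Run entry), which ones launch something out of a user profile rather than Program Files, and whether the injection points OTL lists (AppInit_DLLs, Winlogon Shell and UserInit) still hold their defaults. The script below is an added example written by the editor; it is not part of the thread and not a feature of OTL or any other tool named in it. Its heuristics are the editor's own assumptions about what a responder reads first, and the sample lines are copied from the OTL log in this post (with the forum's mid-word wrap spaces removed). It also flags the user's own Malwarebytes copy on the Desktop, which is the point: the output is a reading list, not a removal list.

```python
import re
from dataclasses import dataclass, field

# Added example (editor's own code, not part of the thread and not an OTL
# feature): first-pass triage over the autorun lines of an OTL log. The
# heuristics are assumptions about what a responder reads first; every hit
# still needs a human decision. SAMPLE_LOG is copied from the log in this post.

SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Users\Michelle_2\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Internet Security] C:\Users\Michelle_2\AppData\Roaming\isecurity.exe File not found
O4 - Startup: C:\Users\Michelle_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C77DCC63
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:9E22BBE8
"""

USER_PROFILE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")
SYSTEM_PREFIXES = ("c:\\program files", "c:\\windows")
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "c:\\windows\\system32\\userinit.exe"}

O4_RE = re.compile(r'^O4 - (?P<where>.*?):\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<rest>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs:\s*\((?P<value>[^)]*)\)')
WINLOGON_RE = re.compile(r'^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\)')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$')
# First Windows path ending in an executable-ish extension, quoted or not.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js|lnk)\b)"?', re.I)


@dataclass
class Finding:
    source: str                  # autorun location or line type
    target: str                  # file or value the entry points at
    reasons: list = field(default_factory=list)


def split_target(rest: str):
    """Return (path, vendor, missing) from the tail of an O4 line. OTL prints the
    command, then '(Company Name)' (empty parentheses if the PE has none) or
    the words 'File not found'."""
    rest = rest.strip()
    if " = " in rest:                       # Startup folder: 'x.lnk = resolved target'
        rest = rest.split(" = ", 1)[1]
    missing = rest.endswith("File not found")
    vendor = None
    if not missing:
        m = re.search(r'\((?P<vendor>[^()]*)\)\s*$', rest)
        if m:
            vendor, rest = m.group("vendor").strip(), rest[: m.start()]
    pm = PATH_RE.search(rest)
    return (pm.group("path") if pm else rest.strip()), vendor, missing


def classify_run_entry(path: str, vendor, missing: bool) -> list:
    """Heuristic reasons to look at a Run/Startup entry; empty list means skip."""
    p = path.lower()
    reasons = []
    if missing:
        reasons.append("target missing: autorun points at a file that is gone or was renamed")
    if any(marker in p for marker in USER_PROFILE_MARKERS):
        reasons.append("runs from a user-writable profile path")
    if not missing and not vendor and not p.startswith(SYSTEM_PREFIXES):
        reasons.append("binary carries no company name")
    return reasons


def triage(log_text: str) -> list:
    """Walk an OTL log once; return only the entries that earned a reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            path, vendor, missing = split_target(m.group("rest"))
            src = f"O4 {m.group('where')}" + (f" [{m.group('name')}]" if m.group("name") else "")
            if reasons := classify_run_entry(path, vendor, missing):
                findings.append(Finding(src, path, reasons))
        elif m := APPINIT_RE.match(line):
            if m.group("value").strip():     # a non-empty AppInit_DLLs is always worth a look
                findings.append(Finding("O20 AppInit_DLLs", m.group("value"),
                    ["loaded into every process that links user32.dll; verify the DLL"]))
        elif m := WINLOGON_RE.match(line):
            key, value = m.group("key"), m.group("value").strip().strip('"').rstrip(",")
            if value.lower() != EXPECTED_WINLOGON[key.lower()]:
                findings.append(Finding(f"O20 Winlogon {key}", value,
                    [f"differs from the default '{EXPECTED_WINLOGON[key.lower()]}'"]))
        elif m := ADS_RE.match(line):
            findings.append(Finding("ADS", m.group("target"),
                [f"{m.group('size')}-byte alternate data stream; read it before calling it installer residue"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source}\n    -> {f.target}\n    {'; '.join(f.reasons)}")
```

Run as-is it lists six hits from the sample: the two orphaned Run entries (one of them the renamed rogue), the Malwarebytes copy launched from the Desktop, the Google Desktop AppInit_DLLs entry, and the two streams on C:\ProgramData\Temp. Pass a whole OTL.txt through triage(open(path).read()) to get the same listing for a full log. Winlogon Shell and UserInit are only reported when they differ from their defaults, which is why the log above produces nothing for them; the ADS entries are listed rather than judged, because small named streams there are often installer residue and the only way to know is to read the stream.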

  2. #2
    Super Moderator & Security Team etavares
    Join Date
    Apr 2011
    Posts
    592

    PC Experience:
    Very Experienced


    Operating System:
    Win7 Professional - Windows XP - Windows Home Server

    Default

    Hello, Iverson.

    My name is etavares and I will be helping you with this log.


    Here are some guidelines to ensure we are able to get your machine back under your control.

    • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
    • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
    • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
    • Please reply within 3 days to be fair to other people asking for help.
    • When in doubt, please stop and ask first. There's no harm in asking questions!


    Backdoor Warning
    One or more of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information and download and execute files.

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    When Should I Format, How Should I Reinstall

    We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

    Step 1

    We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

    In your reply, please post the GMER log.

    Step 2

    Next, please download ComboFix from one of these locations:
    * IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
    • Double click on etavaresCF.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.


    Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.


    PS> Please copy/paste the contents of the log directly into your reply. You can do multiple posts if it's too long. This helps for two reasons: 1: some logs such as OTL are formatted for direct posting so it makes researching it easier and 2: you'll run out of space for attachments before we finish the thread.


    etavares

  3. #3
    FPCH New Member
    Join Date
    Feb 2012
    Location
    Coronado, CA
    Posts
    7

    PC Experience:
    Beginner


    Operating System:
    Windows Vista - Home Basic

    Default

    Hi Etavares,

    Thank you for the quick reply. Can I download the above programs before disconnecting?

    Michelle

  4. #4
    Super Moderator & Security Team etavares
    Join Date
    Apr 2011
    Posts
    592

    PC Experience:
    Very Experienced


    Operating System:
    Win7 Professional - Windows XP - Windows Home Server

    Default

    Yes, please leave it connected to the internet while running Combofix as it will download the recovery console which is important as well. You can disconnect once you post the log.
