
Strange malware

Discussion in 'Malware Removal Help' started by ellio, Dec 16, 2009.

  1. ellio

    ellio, Junior Member. Joined: Dec 16, 2009. Messages: 2
    Everything began when my antivirus stopped updating. I had AVG Free 8.5. I updated to 9.0. I uninstalled it and installed Comodo. Uninstalled it and installed Avast. Still the same. No antivirus update at all.
    As described here http://computerhelpforums.net/malware-removal/46793-preparation-for-malware-removal-help.html, I did all the procedures but one: installing Malwarebytes Anti-Malware and running it. It installed and updated, but when I try to run it, it closes after 2 seconds or so.
    About the rest:
    Rootrepeal report

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/12/16 19:15
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: aywz4qg0.SYS
    Image Path: F:\WINDOWS\System32\Drivers\aywz4qg0.SYS
    Address: 0xB94B2000 Size: 417792 File Visible: No Signed: -
    Status: -

    Name: dump_atapi.sys
    Image Path: F:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xB6D21000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: F:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xBA6A4000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: PCI_PNP6578
    Image Path: \Driver\PCI_PNP6578
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: F:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB628E000 Size: 49152 File Visible: No Signed: -
    Status: -

    Name: spsg.sys
    Image Path: spsg.sys
    Address: 0xF74D8000 Size: 1040384 File Visible: No Signed: -
    Status: -

    Name: sptd
    Image Path: \Driver\sptd
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 025 Function Name: NtClose
    Status: Hooked by "F:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6ed36b8

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "F:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6ed3574

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "F:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6ed3a52

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "F:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6ed314c

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "spsg.sys" at address 0xf74f6ca2

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "spsg.sys" at address 0xf74f7030

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "F:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6ed364e

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "F:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6ed308c

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "F:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6ed30f0

    #: 160 Function Name: NtQueryKey
    Status: Hooked by "spsg.sys" at address 0xf74f7108

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "F:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6ed376e

    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "F:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6ed372e

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "F:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6ed38ae

    ==EOF==


    OTL Report

    OTL logfile created on: 2009-12-16 19:22:01 - Run 2
    OTL by OldTimer - Version 3.1.17.0 Folder = F:\Documents and Settings\ellio\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.33% Memory free
    3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.24% Paging File free
    Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
    C: Drive not present or media not loaded
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 48.83 Gb Total Space | 8.02 Gb Free Space | 16.43% Space Free | Partition Type: NTFS
    Drive G: | 400.39 Gb Total Space | 28.04 Gb Free Space | 7.00% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive W: | 39.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive X: | 16.54 Gb Total Space | 5.84 Gb Free Space | 35.29% Space Free | Partition Type: NTFS

    Computer Name: ILIAS
    Current User Name: ellio
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - F:\Documents and Settings\ellio\Desktop\OTL.exe (OldTimer Tools)
    PRC - F:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    PRC - F:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    PRC - F:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - F:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - F:\Program Files\Opera\opera.exe (Opera Software)
    PRC - F:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
    PRC - F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - F:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - F:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)
    PRC - F:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    PRC - F:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    PRC - F:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    PRC - F:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - F:\Documents and Settings\ellio\Desktop\OTL.exe (OldTimer Tools)
    MOD - F:\Program Files\RealMedia\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll (RealPlayer)
    MOD - F:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
    MOD - F:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
    MOD - F:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Bonjour Service) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- F:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (avast! Antivirus) -- F:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (avast! Web Scanner) -- F:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (gupdate1c9dc61426040b4) Google Update Service (gupdate1c9dc61426040b4) -- F:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
    SRV - (gusvc) -- F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (FLEXnet Licensing Service) -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (NVSvc) -- F:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    SRV - (WLSetupSvc) -- F:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
    SRV - (usnjsvc) -- F:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
    SRV - (odserv) -- F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (ServiceLayer) -- F:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
    SRV - (ose) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (IDriverT) -- F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMSwissArmy) -- F:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (Lbd) -- F:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (aswMon2) -- F:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswSP) -- F:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswFsBlk) -- F:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (aswTdi) -- F:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswRdr) -- F:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (Aavmker4) -- F:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (nv) -- F:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (HDAudBus) -- F:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (sptd) -- F:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (Secdrv) -- F:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (tmcomm) -- F:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
    DRV - (Point32) -- F:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
    DRV - (PxHelp20) -- F:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
    DRV - (nmwcd) -- F:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
    DRV - (nmwcdcm) -- F:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
    DRV - (wceusbsh) -- F:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
    DRV - (AtcL001) -- F:\WINDOWS\system32\drivers\atl01_xp.sys (Attansic Technology corporation.)
    DRV - (ADIHdAudAddService) -- F:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
    DRV - (AEAudioService) -- F:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
    DRV - (SenFiltService) -- F:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
    DRV - (HdAudAddService) -- F:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
    DRV - (ZSMC301b) -- F:\WINDOWS\system32\drivers\usbVM31b.sys (VM)
    DRV - (MTsensor) -- F:\WINDOWS\system32\drivers\ASACPI.sys ()
    DRV - (Ptilink) -- F:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (ROOTMODEM) -- F:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
    DRV - (Aspi32) -- F:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaultthis.engineName: "Free-TV Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2057468&SearchSource=3&q="
    FF - prefs.js..browser.search.order.1: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.opadoi.gr/forum/"
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.8.2
    FF - prefs.js..extensions.enabledItems: {e41ff70e-a124-4089-a34d-9e7e6af7aa77}:2.4.0.4
    FF - prefs.js..extensions.enabledItems: {19627815-20a6-46e6-be34-a0b6967c022a}:1.300.244
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
    FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
    FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
    FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=59099&p="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\Program Files\RealMedia\browserrecord\firefox\ext [2009-09-20 13:37:53 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2009-11-07 13:46:45 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2009-11-07 13:46:45 | 00,000,000 | ---D | M]

    [2008-07-11 23:09:07 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Mozilla\Extensions
    [2009-12-16 00:15:13 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Mozilla\Firefox\Profiles\f0mdeyig.default\extensions
    [2009-05-17 12:48:23 | 00,000,000 | ---D | M] (Pirates - FB) -- F:\Documents and Settings\ellio\Application Data\Mozilla\Firefox\Profiles\f0mdeyig.default\extensions\{19627815-20a6-46e6-be34-a0b6967c022a}
    [2009-12-15 21:04:29 | 00,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\ellio\Application Data\Mozilla\Firefox\Profiles\f0mdeyig.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2009-12-12 21:15:24 | 00,000,000 | ---D | M] (Free-TV Toolbar) -- F:\Documents and Settings\ellio\Application Data\Mozilla\Firefox\Profiles\f0mdeyig.default\extensions\{e41ff70e-a124-4089-a34d-9e7e6af7aa77}
    [2009-06-12 16:44:55 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Mozilla\Firefox\Profiles\f0mdeyig.default\extensions\searchrecs@veoh.com
    [2009-01-07 19:17:48 | 00,000,876 | ---- | M] () -- F:\Documents and Settings\ellio\Application Data\Mozilla\Firefox\Profiles\f0mdeyig.default\searchplugins\conduit.xml
    [2009-05-17 12:48:30 | 00,001,734 | ---- | M] () -- F:\Documents and Settings\ellio\Application Data\Mozilla\Firefox\Profiles\f0mdeyig.default\searchplugins\search-the-web.xml
    [2008-11-21 23:24:36 | 00,002,789 | ---- | M] () -- F:\Documents and Settings\ellio\Application Data\Mozilla\Firefox\Profiles\f0mdeyig.default\searchplugins\world-of-warcraft-armory.xml
    [2009-12-13 14:50:13 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
    [2008-09-04 02:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2006-08-09 12:16:08 | 00,030,408 | ---- | M] ( ) -- F:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll

    O1 HOSTS File: (263588 bytes) - F:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - F:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\RealMedia\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - F:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - F:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {147D6308-0614-4112-89B1-31402F9B82C4} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [avast!] F:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] F:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [IntelliPoint] F:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [itype] F:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [QuickTime Task] F:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKCU..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - F:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O15 - HKLM\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
    O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
    O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (SentinelVE3D Class)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185362326421 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - F:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - F:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008-04-16 09:00:36 | 00,000,047 | R--- | M] () - W:\Autorun.inf -- [ CDFS ]
    O33 - MountPoints2\##LAPTOP#CD\Shell - "" = AutoRun
    O33 - MountPoints2\##LAPTOP#CD\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\##LAPTOP#CD\Shell\AutoRun\command - "" = Z:\arun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - F:\WINDOWS\System32\lsdelete.exe ()
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2009-12-16 19:03:25 | 00,472,064 | ---- | C] ( ) -- F:\Documents and Settings\ellio\Desktop\RootRepeal.exe
    [2009-12-16 18:57:20 | 00,538,112 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\ellio\Desktop\OTL.exe
    [2009-12-16 18:56:12 | 00,343,040 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\ellio\Desktop\TFC.exe
    [2009-12-16 17:59:19 | 00,000,000 | ---D | C] -- F:\WINDOWS\temp
    [2009-12-16 17:55:58 | 00,000,000 | ---D | C] -- F:\ComboFix
    [2009-12-16 17:42:42 | 00,000,000 | ---D | C] -- F:\Documents and Settings\ellio\Application Data\Malwarebytes
    [2009-12-16 17:42:38 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009-12-16 17:42:37 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009-12-16 17:42:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
    [2009-12-16 17:42:36 | 00,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
    [2009-12-16 17:10:43 | 00,000,000 | RHSD | C] -- F:\cmdcons
    [2009-12-16 17:09:17 | 00,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
    [2009-12-16 17:09:17 | 00,161,792 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
    [2009-12-16 17:09:17 | 00,136,704 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
    [2009-12-16 17:09:17 | 00,031,232 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
    [2009-12-16 17:08:24 | 00,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
    [2009-12-16 01:09:23 | 00,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009-12-16 01:05:39 | 00,064,288 | ---- | C] (Lavasoft AB) -- F:\WINDOWS\System32\drivers\Lbd.sys
    [2009-12-16 01:04:45 | 00,000,000 | -H-D | C] -- F:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    [2009-12-16 01:04:26 | 00,000,000 | ---D | C] -- F:\Program Files\Lavasoft
    [2009-12-16 00:28:41 | 00,000,000 | ---D | C] -- F:\Documents and Settings\ellio\Local Settings\Application Data\Threat Expert
    [2009-12-15 21:10:28 | 00,000,000 | ---D | C] -- F:\WINDOWS\BDOSCAN8
    [2009-12-15 20:24:16 | 00,048,560 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswTdi.sys
    [2009-12-15 20:24:16 | 00,027,408 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aavmker4.sys
    [2009-12-15 20:24:16 | 00,023,120 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswRdr.sys
    [2009-12-15 20:24:14 | 00,114,768 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswSP.sys
    [2009-12-15 20:24:14 | 00,097,480 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\AvastSS.scr
    [2009-12-15 20:24:14 | 00,094,160 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswmon2.sys
    [2009-12-15 20:24:14 | 00,093,424 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswmon.sys
    [2009-12-15 20:24:14 | 00,020,560 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2009-12-15 20:23:54 | 01,280,480 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\aswBoot.exe
    [2009-12-15 20:23:51 | 00,000,000 | ---D | C] -- F:\Program Files\Alwil Software
    [2009-12-15 18:49:54 | 00,000,000 | ---D | C] -- F:\SDFix
    [2009-12-15 18:42:38 | 00,000,000 | ---D | C] -- F:\Program Files\TrendMicro
    [2009-12-15 00:34:57 | 00,000,000 | ---D | C] -- F:\Program Files\Ventrilo
    [2009-12-15 00:28:53 | 00,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009-12-15 00:28:53 | 00,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009-12-15 00:28:53 | 00,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009-12-14 23:37:04 | 00,000,000 | ---D | C] -- F:\QooBox
    [2009-12-14 23:10:12 | 00,000,000 | ---D | C] -- F:\Program Files\COMODO
    [2009-12-14 19:28:42 | 00,000,000 | ---D | C] -- F:\AVGTemp
    [2009-12-14 19:22:05 | 00,000,000 | ---D | C] -- F:\$AVG
    [2009-12-13 15:41:35 | 00,000,000 | ---D | C] -- F:\Program Files\VoiceChatter
    [2009-12-13 15:41:07 | 00,000,000 | ---D | C] -- F:\Documents and Settings\ellio\Application Data\Mumble
    [2009-12-13 14:27:55 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Skype
    [2009-12-12 23:53:05 | 00,000,000 | ---D | C] -- F:\Documents and Settings\ellio\Application Data\Ventrilo
    [2009-11-27 18:21:42 | 00,000,000 | ---D | C] -- F:\Documents and Settings\ellio\My Documents\Bluetooth
    [2009-11-27 18:21:42 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Bluetooth
    [2009-11-27 18:12:30 | 00,151,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\irftp.exe
    [2009-11-27 18:12:30 | 00,151,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\irftp.exe
    [2009-11-27 18:12:30 | 00,028,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\irmon.dll
    [2009-11-27 18:12:30 | 00,028,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\irmon.dll
    [2009-11-27 18:12:29 | 00,008,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\wshirda.dll
    [2009-11-27 18:12:29 | 00,008,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wshirda.dll
    [2009-11-25 13:50:19 | 00,000,000 | ---D | C] -- F:\Program Files\Traction Software
    [2009-05-26 16:26:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2009-05-24 13:17:47 | 00,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2008-04-20 12:11:48 | 00,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Application Data\VMware

    ========== Files - Modified Within 30 Days ==========

    [2009-12-16 19:05:00 | 00,001,186 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2009-12-16 19:03:32 | 00,000,000 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\settings.dat
    [2009-12-16 19:02:58 | 00,000,868 | ---- | M] () -- F:\WINDOWS\tasks\Google Software Updater.job
    [2009-12-16 19:02:57 | 00,190,029 | ---- | M] () -- F:\WINDOWS\System32\nvapps.xml
    [2009-12-16 19:02:53 | 00,001,182 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2009-12-16 19:02:41 | 00,000,458 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2009-12-16 19:02:41 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
    [2009-12-16 19:02:36 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
    [2009-12-16 19:01:39 | 17,301,504 | -H-- | M] () -- F:\Documents and Settings\ellio\NTUSER.DAT
    [2009-12-16 19:00:39 | 00,464,491 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\RootRepeal.zip
    [2009-12-16 19:00:19 | 00,538,112 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\ellio\Desktop\OTL.exe
    [2009-12-16 18:59:01 | 00,343,040 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\ellio\Desktop\TFC.exe
    [2009-12-16 18:32:14 | 00,002,441 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\HiJackThis.lnk
    [2009-12-16 18:03:57 | 00,000,178 | -HS- | M] () -- F:\Documents and Settings\ellio\ntuser.ini
    [2009-12-16 18:00:10 | 00,000,265 | ---- | M] () -- F:\WINDOWS\system.ini
    [2009-12-16 17:42:41 | 00,000,696 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009-12-16 17:10:53 | 00,000,281 | RHS- | M] () -- F:\boot.ini
    [2009-12-16 17:06:00 | 03,553,612 | ---- | M] () -- F:\ComboFix.zip
    [2009-12-16 01:04:42 | 00,000,867 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2009-12-16 00:37:05 | 00,000,933 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\Spybot - Search & Destroy.lnk
    [2009-12-15 20:24:31 | 00,322,161 | ---- | M] () -- F:\WINDOWS\System32\drivers\sfi.dat
    [2009-12-15 20:24:16 | 00,001,709 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
    [2009-12-15 20:24:14 | 00,002,626 | ---- | M] () -- F:\WINDOWS\System32\CONFIG.NT
    [2009-12-15 20:04:30 | 00,000,884 | ---- | M] () -- F:\WINDOWS\win.ini
    [2009-12-15 19:49:51 | 00,000,268 | -H-- | M] () -- F:\sqmdata00.sqm
    [2009-12-15 19:49:51 | 00,000,244 | -H-- | M] () -- F:\sqmnoopt00.sqm
    [2009-12-15 19:11:20 | 00,073,472 | ---- | M] () -- F:\Documents and Settings\ellio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2009-12-15 18:41:29 | 01,401,344 | ---- | M] () -- F:\HijackThis.msi
    [2009-12-15 18:28:17 | 01,597,496 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
    [2009-12-15 18:01:09 | 00,505,784 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
    [2009-12-15 18:01:09 | 00,444,358 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
    [2009-12-15 18:01:09 | 00,072,108 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
    [2009-12-15 17:34:06 | 00,001,393 | ---- | M] () -- F:\WINDOWS\imsins.BAK
    [2009-12-15 00:34:59 | 00,000,262 | ---- | M] () -- F:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009-12-15 00:34:57 | 00,000,630 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
    [2009-12-14 18:49:20 | 00,003,163 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\bookm.htm
    [2009-12-14 17:43:17 | 00,002,284 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
    [2009-12-13 19:51:19 | 81,669,446 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\Ebony Teen Masturebates - Teenist.flv
    [2009-12-13 19:51:19 | 81,668,632 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\48b50e69ea4faFreshAmateurVids_caramel1[2].flv
    [2009-12-13 19:40:41 | 31,682,460 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\Big Titty Caramel Loves Herself.flv
    [2009-12-13 15:42:12 | 00,000,474 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\Shortcut to Wow.exe.lnk
    [2009-12-13 15:19:45 | 18,514,306 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\Ashley Bulgari Aka Jessie A.flv
    [2009-12-13 15:19:21 | 14,130,022 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\Ashley Bulgari.flv
    [2009-12-12 22:32:30 | 00,198,656 | ---- | M] () -- F:\Documents and Settings\ellio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-12-12 22:32:24 | 00,000,202 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini
    [2009-12-12 15:18:32 | 00,000,573 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2009-12-08 19:30:00 | 00,008,139 | ---- | M] () -- F:\WINDOWS\UEDIT32.INI
    [2009-12-06 00:48:03 | 00,001,972 | ---- | M] () -- F:\WINDOWS\Lexicon.ini
    [2009-12-05 20:07:05 | 00,001,915 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2009-12-05 14:29:09 | 00,087,626 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\hs25ja.jpg
    [2009-12-05 00:14:26 | 02,176,694 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\6DA608EBd01.flv
    [2009-12-04 19:58:31 | 00,030,171 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\d0db5ff89ce2ebe0d22eae4f1e02a18d.gif
    [2009-12-03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009-12-03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
    [2009-12-02 19:43:52 | 00,043,374 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\report006571852.pdf
    [2009-12-02 17:49:27 | 00,085,504 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\CV.doc
    [2009-12-02 15:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) -- F:\WINDOWS\System32\drivers\Lbd.sys
    [2009-12-02 15:19:04 | 00,015,880 | ---- | M] () -- F:\WINDOWS\System32\lsdelete.exe
    [2009-12-01 23:42:58 | 00,060,416 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\CV-Ilias Flouris_en.doc
    [2009-12-01 23:26:06 | 00,084,992 | ---- | M] () -- F:\Documents and Settings\ellio\My Documents\New-CV.doc
    [2009-11-26 17:55:20 | 00,000,471 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\New Folder (5).lnk
    [2009-11-26 17:55:20 | 00,000,471 | ---- | M] () -- F:\Documents and Settings\ellio\Desktop\New Folder (2).lnk
    [2009-11-25 01:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- F:\WINDOWS\System32\aswBoot.exe
    [2009-11-25 01:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswmon.sys
    [2009-11-25 01:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswmon2.sys
    [2009-11-25 01:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswSP.sys
    [2009-11-25 01:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2009-11-25 01:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswTdi.sys
    [2009-11-25 01:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswRdr.sys
    [2009-11-25 01:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aavmker4.sys
    [2009-11-25 01:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- F:\WINDOWS\System32\AvastSS.scr
    [2009-11-24 17:15:17 | 00,000,592 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Opera.lnk

    ========== Files Created - No Company Name ==========

    [2009-12-16 19:03:32 | 00,000,000 | ---- | C] () -- F:\Documents and Settings\ellio\Desktop\settings.dat
    [2009-12-16 18:56:39 | 00,464,491 | ---- | C] () -- F:\Documents and Settings\ellio\Desktop\RootRepeal.zip
    [2009-12-16 17:42:41 | 00,000,696 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009-12-16 17:10:53 | 00,000,210 | ---- | C] () -- F:\Boot.bak
    [2009-12-16 17:10:47 | 00,260,272 | ---- | C] () -- F:\cmldr
    [2009-12-16 17:09:17 | 00,260,608 | ---- | C] () -- F:\WINDOWS\PEV.exe
    [2009-12-16 17:09:17 | 00,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
    [2009-12-16 17:09:17 | 00,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
    [2009-12-16 17:09:17 | 00,077,312 | ---- | C] () -- F:\WINDOWS\MBR.exe
    [2009-12-16 17:09:17 | 00,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
    [2009-12-16 17:06:00 | 03,553,612 | ---- | C] () -- F:\ComboFix.zip
    [2009-12-16 01:14:00 | 00,015,880 | ---- | C] () -- F:\WINDOWS\System32\lsdelete.exe
    [2009-12-16 01:05:32 | 00,000,458 | ---- | C] () -- F:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2009-12-16 01:04:42 | 00,000,867 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2009-12-16 00:37:05 | 00,000,933 | ---- | C] () -- F:\Documents and Settings\ellio\Desktop\Spybot - Search & Destroy.lnk
    [2009-12-15 20:24:16 | 00,001,709 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
    [2009-12-15 20:23:54 | 00,380,928 | ---- | C] () -- F:\WINDOWS\System32\actskin4.ocx
    [2009-12-15 19:49:51 | 00,000,268 | -H-- | C] () -- F:\sqmdata00.sqm
    [2009-12-15 19:49:51 | 00,000,244 | -H-- | C] () -- F:\sqmnoopt00.sqm
    [2009-12-15 18:42:39 | 00,002,441 | ---- | C] () -- F:\Documents and Settings\ellio\Desktop\HiJackThis.lnk
    [2009-12-15 18:41:23 | 01,401,344 | ---- | C] () -- F:\HijackThis.msi
    [2009-12-15 00:34:57 | 00,000,630 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
    [2009-12-15 00:34:51 | 00,000,262 | ---- | C] () -- F:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009-12-14 23:37:59 | 03,560,773 | R--- | C] () -- F:\ComboFix.exe
    [2009-12-14 23:13:39 | 00,322,161 | ---- | C] () -- F:\WINDOWS\System32\drivers\sfi.dat
    [2009-12-10 17:44:46 | 00,003,163 | ---- | C] () -- F:\Documents and Settings\ellio\Desktop\bookm.htm
    [2009-12-05 20:07:05 | 00,001,915 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2009-11-07 00:54:40 | 00,233,472 | ---- | C] () -- F:\WINDOWS\System32\imgman31.dll
    [2009-11-06 17:11:02 | 00,046,346 | ---- | C] () -- F:\WINDOWS\System32\SmrtDrive.dll
    [2009-09-25 19:18:13 | 00,151,552 | ---- | C] () -- F:\WINDOWS\System32\nvRegDev.dll
    [2009-05-28 17:57:05 | 00,564,224 | ---- | C] () -- F:\WINDOWS\System32\x264vfw.dll
    [2009-01-05 15:44:10 | 00,000,453 | ---- | C] () -- F:\WINDOWS\bdoscandellang.ini
    [2008-11-17 02:21:14 | 00,001,122 | ---- | C] () -- F:\WINDOWS\_ISENV31.INI
    [2008-11-17 02:21:14 | 00,000,545 | ---- | C] () -- F:\WINDOWS\_iserr31.ini
    [2008-10-09 23:58:09 | 00,000,036 | -H-- | C] () -- F:\WINDOWS\System32\swk.ini
    [2008-09-26 10:23:56 | 00,000,164 | ---- | C] () -- F:\WINDOWS\System32\psconv.ini
    [2008-09-09 22:45:43 | 00,000,782 | ---- | C] () -- F:\WINDOWS\SIERRA.INI
    [2008-06-11 09:02:34 | 00,058,648 | ---- | C] () -- F:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008-06-11 09:02:34 | 00,058,648 | ---- | C] () -- F:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008-06-11 09:02:34 | 00,058,648 | ---- | C] () -- F:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008-06-11 09:02:34 | 00,058,648 | ---- | C] () -- F:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008-06-11 09:02:34 | 00,058,648 | ---- | C] () -- F:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008-06-11 09:02:34 | 00,058,648 | ---- | C] () -- F:\WINDOWS\System32\AgCPanelKorean.dll
    [2008-06-11 09:02:32 | 00,058,648 | ---- | C] () -- F:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008-06-11 09:02:32 | 00,058,648 | ---- | C] () -- F:\WINDOWS\System32\AgCPanelGerman.dll
    [2008-06-11 09:02:32 | 00,058,648 | ---- | C] () -- F:\WINDOWS\System32\AgCPanelFrench.dll
    [2008-06-05 08:58:26 | 00,197,912 | ---- | C] () -- F:\WINDOWS\System32\physxcudart_20.dll
    [2008-05-28 01:16:44 | 00,061,440 | ---- | C] () -- F:\WINDOWS\System32\NormalizeDSP.dll
    [2008-04-26 19:20:36 | 00,056,832 | ---- | C] () -- F:\WINDOWS\System32\Iyvu9_32.dll
    [2008-04-11 14:57:49 | 00,034,308 | ---- | C] () -- F:\WINDOWS\System32\BASSMOD.dll
    [2008-02-14 21:16:47 | 00,000,059 | ---- | C] () -- F:\WINDOWS\wininit.ini
    [2007-09-30 12:56:54 | 00,000,128 | ---- | C] () -- F:\Documents and Settings\ellio\Local Settings\Application Data\fusioncache.dat
    [2007-09-03 16:46:58 | 00,127,671 | ---- | C] () -- F:\Documents and Settings\ellio\Application Data\Cosmos Prefs
    [2007-08-05 17:17:56 | 00,001,972 | ---- | C] () -- F:\WINDOWS\Lexicon.ini
    [2007-08-04 17:56:28 | 00,715,248 | ---- | C] () -- F:\WINDOWS\System32\drivers\sptd.sys
    [2007-08-04 10:38:45 | 00,001,751 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007-07-27 01:06:22 | 03,596,288 | ---- | C] () -- F:\WINDOWS\System32\qt-dx331.dll
    [2007-07-27 01:03:02 | 00,012,288 | ---- | C] () -- F:\WINDOWS\System32\DivXWMPExtType.dll
    [2007-07-25 14:48:02 | 00,000,202 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
    [2007-07-25 14:48:00 | 00,198,656 | ---- | C] () -- F:\Documents and Settings\ellio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007-07-25 13:58:08 | 00,000,155 | ---- | C] () -- F:\WINDOWS\winamp.ini
    [2007-07-25 13:49:41 | 00,002,528 | ---- | C] () -- F:\Documents and Settings\ellio\Application Data\$_hpcst$.hpc
    [2007-07-25 13:41:01 | 00,008,139 | ---- | C] () -- F:\WINDOWS\UEDIT32.INI
    [2007-07-25 11:42:29 | 00,016,490 | ---- | C] () -- F:\WINDOWS\Ascd_tmp.ini
    [2007-07-25 11:42:25 | 00,005,810 | R--- | C] () -- F:\WINDOWS\System32\drivers\ASACPI.sys
    [2007-07-25 11:42:16 | 00,005,824 | ---- | C] () -- F:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2007-03-29 22:00:40 | 00,203,264 | R--- | C] () -- F:\WINDOWS\System32\CddbCdda.dll
    [2007-03-27 09:26:34 | 01,724,416 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
    [2007-03-27 09:26:34 | 01,101,824 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
    [2007-03-27 09:26:32 | 00,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
    [2007-03-27 09:26:32 | 00,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
    [2007-03-27 09:26:30 | 01,499,136 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
    [2006-09-25 03:53:56 | 00,268,242 | ---- | C] () -- F:\WINDOWS\System32\erdmpg-parse.dll
    [2006-09-25 03:53:44 | 02,518,779 | ---- | C] () -- F:\WINDOWS\System32\erdmpg-enc.dll
    [2006-09-25 03:52:06 | 00,030,693 | ---- | C] () -- F:\WINDOWS\System32\erdmpg-int.dll
    [2005-11-08 00:32:46 | 03,088,384 | ---- | C] () -- F:\WINDOWS\System32\erdmpg-4.dll
    [2005-11-05 04:57:14 | 00,258,048 | ---- | C] () -- F:\WINDOWS\System32\Manipulate.dll
    [2005-10-15 05:10:24 | 00,065,536 | ---- | C] () -- F:\WINDOWS\System32\comLyricGetter.dll
    [2005-10-08 06:58:58 | 00,282,624 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
    [2005-10-08 06:53:34 | 01,559,040 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
    [2004-02-01 21:21:56 | 00,097,280 | ---- | C] () -- F:\WINDOWS\System32\Uncommon.dll
    [2003-09-16 17:52:28 | 00,147,456 | ---- | C] () -- F:\WINDOWS\System32\vorbis.dll
    [2003-09-16 17:43:31 | 00,884,736 | ---- | C] () -- F:\WINDOWS\System32\vorbisenc.dll
    [2003-09-16 17:41:43 | 00,045,056 | ---- | C] () -- F:\WINDOWS\System32\ogg.dll
    [2003-08-07 21:01:50 | 00,237,568 | ---- | C] () -- F:\WINDOWS\System32\lame_enc.dll
    [2002-10-16 00:54:04 | 00,163,840 | ---- | C] () -- F:\WINDOWS\System32\unrar.dll
    [2001-10-28 16:42:30 | 00,116,224 | ---- | C] () -- F:\WINDOWS\System32\prnmnt.dll

    ========== LOP Check ==========

    [2008-10-11 22:25:12 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Banner Maker Pro 7
    [2009-11-27 18:31:59 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Bluetooth
    [2008-11-03 00:17:49 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Fallout3
    [2008-10-13 17:59:42 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\GIRDAC
    [2007-07-25 14:07:57 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Installations
    [2008-07-15 17:18:19 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PC Suite
    [2009-12-16 00:36:21 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
    [2009-05-24 17:03:22 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2008-10-11 22:22:23 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2009-10-17 13:00:35 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30}
    [2009-05-24 17:02:52 | 00,000,000 | -HSD | M] -- F:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    [2009-12-16 01:04:45 | 00,000,000 | -H-D | M] -- F:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    [2008-10-08 00:23:43 | 00,000,000 | -H-D | M] -- F:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
    [2009-01-12 18:26:20 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Acreon
    [2008-10-11 23:00:26 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Aleo Software
    [2008-10-12 22:29:17 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Bitsoft
    [2009-12-08 21:25:03 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\BitTorrent
    [2009-03-09 01:00:58 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Crystal Player
    [2007-08-04 18:05:44 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\DAEMON Tools Pro
    [2009-03-19 18:22:33 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Gamelab
    [2009-03-15 02:52:54 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Kaboom Studios
    [2009-05-12 19:10:35 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Leadertech
    [2009-06-02 18:33:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Moyea
    [2009-12-13 16:23:00 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Mumble
    [2008-08-04 16:20:06 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Nokia
    [2008-06-28 12:24:28 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Nokia Multimedia Player
    [2008-04-20 14:22:23 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Opera
    [2009-11-27 19:03:14 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\PC Suite
    [2008-09-13 13:12:57 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\ScummVM
    [2009-10-17 13:00:08 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Seven Zip
    [2009-12-15 19:24:05 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Sports Interactive
    [2009-05-24 17:04:51 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\TuneUp Software
    [2008-11-13 18:53:23 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Uniblue
    [2009-05-28 18:20:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\ellio\Application Data\Xilisoft Corporation
    [2009-12-16 19:02:41 | 00,000,458 | ---- | M] () -- F:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 508 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 178 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
    @Alternate Data Stream - 119 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
    @Alternate Data Stream - 115 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 101 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
    < End of report >
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Welcome to Computer Help Forums, ellio, and sorry for your troubles. I am sure that one of our malware removal specialists will start his review of the logs posted shortly and get back to you. Whoever tackles this issue will stay with you to the end, with possible intervention from another specialist if you have a question. In order to keep the process clean and on track, no members other than yourself and those authorized can post to this thread.
     
  3. ellio

    ellio Junior Member

    Joined:
    Dec 16, 2009
    Messages:
    2
    Thanks for such a quick reply. I am available for any further feedback.... well, as long as my PC allows me to use browsers smoothly, since (I am sure it is not just my idea) any access to any site related to antivirus, antispyware, antimalware (maybe this malware is also recording the words and/or has a small database with some known related sites) is slow, problematic or even stuck. Especially when I am trying to download antimalware tools.

    Thanks in advance for any kind of help.....
     
  4. schrauber

    schrauber Guest

    Hello, ellio
    Welcome to the Computer Help Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



    Please take note of some guidelines for this fix:
    • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
    • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
    • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
    • Please set your system to show all files.
      Click Start, open My Computer, select the Tools menu and click Folder Options.
      Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
      Uncheck: Hide file extensions for known file types
      Uncheck the Hide protected operating system files (recommended) option.
      Click Yes to confirm.



    I see you used a lot of tools; let's get more details, then start some repairs.



    Step 1

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.





    Step 2

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.
     
