[WoWAddictsadface]

Just had a few problems with an installer recently and never have before, Not sure if its the malwarebytes because i've tried the installer without malwarebytes enabled and have added the installer to the exclusion list on both malwarebytes and my firewall.
I do keep getting the warning from malwarebytes that just about anything is spyware when I try to open it and am given the options to ignore and quarentine, but for example If I open IE, i'll get IExplorer.exe is trying to obtain information and may be malicious, same with realplayer, the installer itself, lots of things.

This is the OTL log OTL logfile created on: 08/07/2011 10:09:43 - Run 12
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.44 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 50.77% Memory free
3.29 Gb Paging File | 2.75 Gb Available in Paging File | 83.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.90 Gb Total Space | 44.96 Gb Free Space | 65.25% Space Free | Partition Type: NTFS
Drive D: | 5.61 Gb Total Space | 0.10 Gb Free Space | 1.74% Space Free | Partition Type: FAT32

Computer Name: CHALONER | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 10:09:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/02/25 02:47:02 | 000,114,784 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/02/25 02:47:00 | 000,266,338 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/01/14 10:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/08 10:09:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [On_Demand | Stopped] -- -- (WMPNetworkSvc)
SRV - File not found [On_Demand | Stopped] -- -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- -- (MSSQL$SONY_MEDIAMGR)
SRV - File not found [Disabled | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/02/25 02:47:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/25 02:47:00 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/01/14 10:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/16 11:11:12 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/03/08 14:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 22:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 22:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 01:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 22:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/24 13:29:14 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.sys -- (PAC207)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 15:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)


[2011/04/16 20:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/10/24 22:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/04/16 20:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gnixn0af.default\extensions
[2011/04/16 20:04:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gnixn0af.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/19 03:13:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/08 06:25:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\iidytiks\qouleltj.exe) - C:\Program Files\iidytiks\qouleltj.exe File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/06 00:32:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 10:09:20 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/07/08 09:54:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2011/07/08 06:30:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/08 06:19:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/06 15:02:48 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2011/07/06 14:54:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/06 14:26:50 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/06 14:26:27 | 003,081,376 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\install_flash_player.exe
[2011/07/06 14:23:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/07/02 04:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/06/23 15:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/23 15:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/23 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/23 15:20:48 | 080,695,592 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\iTunesSetup.exe
[2011/06/15 19:30:06 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2011/07/08 10:09:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/07/08 09:58:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 09:40:28 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87A57FA9-EB66-472B-9FD4-436E97B06B09}.job
[2011/07/08 09:38:16 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 09:38:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/08 09:38:08 | 1541,984,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 06:25:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/08 05:57:53 | 004,135,855 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/07/07 22:35:45 | 032,448,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\WoW-4.0.0-WOW-enGB-Installer.exe
[2011/07/07 09:57:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/07 05:01:17 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/06 15:00:03 | 000,006,616 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/06 14:26:27 | 003,081,376 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\install_flash_player.exe
[2011/07/06 08:26:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/07/05 21:40:13 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/23 15:33:48 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/23 15:29:30 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/23 15:20:48 | 080,695,592 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\iTunesSetup.exe
[2011/06/15 20:51:05 | 000,450,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 20:51:05 | 000,075,710 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 20:46:55 | 000,017,055 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/06/12 15:06:43 | 000,392,029 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Leatrix Latency Fix_2.00.zip

========== Files Created - No Company Name ==========

[2011/07/08 06:29:25 | 000,174,955 | ---- | C] () -- C:\WINDOWS\explorermgr.exe
[2011/07/07 07:19:47 | 1541,984,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/06 15:04:05 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/07/01 17:35:46 | 032,448,800 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\WoW-4.0.0-WOW-enGB-Installer.exe
[2011/06/29 22:46:25 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/23 15:33:48 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/23 15:29:30 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/12 15:06:49 | 000,392,029 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Leatrix Latency Fix_2.00.zip
[2011/06/02 05:17:08 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22470436r
[2011/06/02 05:17:08 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22470436
[2011/06/02 05:16:57 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22470436
[2011/05/23 00:55:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/23 00:10:56 | 000,013,752 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\851qv5n3u157k8101m7f12br0n22
[2011/05/23 00:10:56 | 000,013,752 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\851qv5n3u157k8101m7f12br0n22
[2011/04/21 04:12:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/04/19 21:39:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/19 21:39:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/19 21:39:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/19 21:39:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/15 16:46:54 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/28 18:18:17 | 000,312,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/16 01:34:17 | 000,017,055 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/30 06:12:30 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\hngmfc.dat
[2010/05/25 21:42:40 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/25 00:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2010/02/15 14:55:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2010/01/31 07:34:13 | 007,390,240 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/31 07:34:13 | 001,851,424 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/04 06:25:32 | 000,122,631 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
[2009/11/25 07:38:25 | 000,002,586 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2009/11/24 20:05:40 | 000,006,616 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/05 19:35:13 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/05 22:53:21 | 000,145,977 | ---- | C] () -- C:\WINDOWS\hpwins10.dat.temp
[2009/05/05 22:53:21 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat.temp
[2009/05/05 22:52:57 | 000,010,385 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2008/01/13 11:42:54 | 000,012,522 | ---- | C] () -- C:\WINDOWS\CI_SearchHistory.INI
[2007/07/27 01:10:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/07/14 17:10:59 | 000,000,084 | ---- | C] () -- C:\WINDOWS\savers.ini
[2007/06/16 14:58:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/10 19:57:03 | 000,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/02/10 19:56:58 | 000,000,265 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/12/23 02:31:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2006/05/25 05:03:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/25 04:40:41 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/25 04:36:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/25 04:27:32 | 000,000,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/25 04:22:15 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/05/25 04:20:56 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/25 04:18:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/25 04:18:02 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/05/25 04:18:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/25 04:18:02 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/05/25 04:18:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/25 04:18:02 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/25 04:18:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/25 04:18:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/25 04:18:01 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/05/25 04:18:01 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/05/25 04:18:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/25 04:02:40 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/25 03:59:11 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/18 01:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/06 00:49:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/06 00:36:34 | 000,450,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/06 00:36:34 | 000,075,710 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/06 00:34:46 | 003,573,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/06 00:31:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/06 00:30:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/24 13:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2001/08/23 23:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 512 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >


I've had a rootkit for some time now and had given up hope, malwarebytes cannot seem to get rid of it and neither could lots of different solutions in my last topic, but this also hasn't caused in issue in the installer before.

[Advertisements]

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:Services
WPFFontCache_v0400
WMPNetworkSvc
SQLAgent$SONY_MEDIAMGR
MSSQL$SONY_MEDIAMGR
LiveUpdate
Automatic LiveUpdate Scheduler
AppMgmt

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\iidytiks\qouleltj.exe) - C:\Program Files\iidytiks\qouleltj.exe File not found
[2011/07/08 09:58:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 09:40:28 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87A57FA9-EB66-472B-9FD4-436E97B06B09}.job
[2011/07/08 09:38:16 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/02 05:17:08 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22470436r
[2011/06/02 05:17:08 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22470436
[2011/06/02 05:16:57 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22470436
[2011/05/23 00:10:56 | 000,013,752 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\851qv5n3u157k8101m7f12br0n22
[2011/05/23 00:10:56 | 000,013,752 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\851qv5n3u157k8101m7f12br0n22
[2011/04/21 04:12:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

:files
C:\Program Files\iidytiks

:Commands
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.


* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
• Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
• Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
• Allow the driver to load if asked.
• You may be prompted to scan immediately if it detects rootkit activity.
• If you are prompted to scan your system click "No", save the log and post back the results.
• If not prompted, click the "Rootkit/Malware" tab.
• On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
• Select all drives that are connected to your system to be scanned.
• Click the Scan button to begin. (Please be patient as it can take some time to complete)
• When the scan is finished, click Save to save the scan results to your Desktop.
• Save the file as Results.log and copy/paste the contents in your next reply.
• Exit the program and re-enable all active protection when done.

We Need to check for Rootkits with RootRepeal

• Download RootRepeal from the following location and save it to your desktop.
  
• Zip Mirrors (Recommended)
  
  
  http://ad13.geekstog.../RootRepeal.zip
  http://rootrepeal.ps.../RootRepeal.zip

[*]Extract RootRepeal.exe from the archive.
Right click on rootrepeal.zip and Extract All. Then move to the folder it created and find rootrepeal.exe and run it.
[*]Open on your desktop.
[*]Click the tab.
[*]Click the button.
[*]Check all seven boxes:
[*]Push Ok
[*]Check the box for your main system drive (Usually C:), and press Ok.
[*]Allow RootRepeal to run a scan of your system. This may take some time.
[*]Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
[/list]
Ron

[RKinner]

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:Services
WPFFontCache_v0400
WMPNetworkSvc
SQLAgent$SONY_MEDIAMGR
MSSQL$SONY_MEDIAMGR
LiveUpdate
Automatic LiveUpdate Scheduler
AppMgmt

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\iidytiks\qouleltj.exe) - C:\Program Files\iidytiks\qouleltj.exe File not found
[2011/07/08 09:58:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 09:40:28 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87A57FA9-EB66-472B-9FD4-436E97B06B09}.job
[2011/07/08 09:38:16 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/02 05:17:08 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22470436r
[2011/06/02 05:17:08 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22470436
[2011/06/02 05:16:57 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22470436
[2011/05/23 00:10:56 | 000,013,752 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\851qv5n3u157k8101m7f12br0n22
[2011/05/23 00:10:56 | 000,013,752 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\851qv5n3u157k8101m7f12br0n22
[2011/04/21 04:12:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

:files
C:\Program Files\iidytiks

:Commands
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.


* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
• Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
• Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
• Allow the driver to load if asked.
• You may be prompted to scan immediately if it detects rootkit activity.
• If you are prompted to scan your system click "No", save the log and post back the results.
• If not prompted, click the "Rootkit/Malware" tab.
• On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
• Select all drives that are connected to your system to be scanned.
• Click the Scan button to begin. (Please be patient as it can take some time to complete)
• When the scan is finished, click Save to save the scan results to your Desktop.
• Save the file as Results.log and copy/paste the contents in your next reply.
• Exit the program and re-enable all active protection when done.

We Need to check for Rootkits with RootRepeal

• Download RootRepeal from the following location and save it to your desktop.
  
• Zip Mirrors (Recommended)
  
  
  http://ad13.geekstog.../RootRepeal.zip
  http://rootrepeal.ps.../RootRepeal.zip

[*]Extract RootRepeal.exe from the archive.
Right click on rootrepeal.zip and Extract All. Then move to the folder it created and find rootrepeal.exe and run it.
[*]Open on your desktop.
[*]Click the tab.
[*]Click the button.
[*]Check all seven boxes:
[*]Push Ok
[*]Check the box for your main system drive (Usually C:), and press Ok.
[*]Allow RootRepeal to run a scan of your system. This may take some time.
[*]Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
[/list]
Ron