Welcome to Geeks to Go - Register now for FREE

MS Essentials Trojan.DOS/Alureon.E [Solved]


  • This topic is locked

#1
sipeki

    New Member

  • 5 posts
Hi,

PC was infected with viruses that could not be removed. Problems booting. Could only start the computer in safe mode with last good configuration. In this mode I was able to create Vista factory restore disks, which I did. Re-installed and everything looked great.

Installed MS Security Essentials and scanned. MS Security Essentials has detected a virus: Trojan.DOS/Alureon.E

MS SE tries to remove it but gets an error. I think this could be access rights to this partition. I am logged on as administrator.

See: ms se sixth screen final screen with error.jpg
As the error states the following:
Error Code 0x8004ec. This program is blocked by group policy. For more information, contact system administrator


MS SE requests that the computer is rebooted. After the reboot MS SE goes red and the loop starts again.

The trojan seems not to be in the boot portion but in the second partition, used for the install files.

The trojan must have embedded itself with the original infection, as the factory restore disks were created from the infected machine.

Have run all other virus detection tools, including all the rootkit tools listed on this site and other sites.

Can it be resolved by giving MS SE the correct permissions to the partition?

What should I do next?

Regards,

Sipeki

OTL.txt

OTL logfile created on: 02/12/2011 10:36:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sharon\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 62.10% Memory free
6.08 Gb Paging File | 5.05 Gb Available in Paging File | 83.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 186.45 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
Drive D: | 83.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SHARON-PC | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/02 03:26:47 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/12/01 21:49:27 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Sharon\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/12/01 20:06:58 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Sharon\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/11/21 11:51:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/01 21:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/03/11 02:09:28 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009/03/11 02:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009/02/19 03:42:48 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/02/01 06:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/01/21 02:24:23 | 001,792,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/01 21:09:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll
MOD - [2011/12/01 21:08:08 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2011/12/01 21:07:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2011/12/01 21:07:44 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2011/12/01 21:07:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2011/12/01 21:07:20 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2011/12/01 21:07:02 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2009/02/02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2008/01/21 02:24:39 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\EventViewer\6.0.0.0__31bf3856ad364e35\EventViewer.dll
MOD - [2008/01/21 02:24:17 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
MOD - [2008/01/21 02:24:06 | 003,371,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MIGUIControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
MOD - [2008/01/21 02:24:06 | 000,163,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.0.0.0__31bf3856ad364e35\TaskScheduler.dll
MOD - [2008/01/21 02:23:49 | 000,188,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
MOD - [2006/11/02 09:47:03 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll
MOD - [2003/06/07 21:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - [2011/12/01 19:46:51 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/03/11 02:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/02 10:06:24 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C1A7E83-4D4E-44AF-A8DE-B5CF7DF30FEF}\MpKsl5f127e49.sys -- (MpKsl5f127e49)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/02/23 02:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/29 22:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/09/22 13:49:36 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/09/04 04:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/02/29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...1&m=aspire_5738

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...1&m=aspire_5738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sharon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sharon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sharon\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sharon\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sharon\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sharon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/01 22:14:46 | 000,000,726 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/02 10:36:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2011/12/02 09:56:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/02 09:56:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/02 09:56:43 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/02 09:56:22 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Adobe
[2011/12/02 08:30:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/02 03:30:26 | 000,380,928 | ---- | C] (Acer Incorporated) -- C:\Windows\AcerStore.exe
[2011/12/02 03:30:26 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2011/12/02 03:30:12 | 000,199,176 | ---- | C] (Dritek System Inc.) -- C:\Windows\GVUni.exe
[2011/12/02 03:25:05 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2011/12/02 03:24:51 | 000,952,832 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/12/02 03:24:25 | 001,202,560 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2011/12/02 03:24:25 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/12/02 03:24:25 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/12/02 03:24:25 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2011/12/02 03:23:54 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\PATCHFUL.EXE
[2011/12/02 03:23:52 | 000,000,000 | ---D | C] -- C:\Windows\Lan
[2011/12/01 23:23:50 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Spyware Remover Pro
[2011/12/01 23:23:38 | 005,077,776 | ---- | C] (Spyware Remover Pro) -- C:\Windows\uninst.exe
[2011/12/01 23:23:38 | 001,332,560 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbte.dll
[2011/12/01 23:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Remover Pro
[2011/12/01 23:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SP1Data
[2011/12/01 22:42:45 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/01 22:42:45 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/12/01 22:42:28 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/12/01 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Desktop\RK_Quarantine
[2011/12/01 21:51:57 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/01 21:49:02 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Deployment
[2011/12/01 21:49:02 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Apps
[2011/12/01 21:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/01 21:06:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer
[2011/12/01 21:02:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/12/01 20:58:35 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\CyberLink
[2011/12/01 20:58:30 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\SoftDMA
[2011/12/01 20:58:20 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\CyberLink
[2011/12/01 20:07:24 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Adobe
[2011/12/01 20:06:29 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\EgisTec
[2011/12/01 20:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2011/12/01 20:06:08 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Google
[2011/12/01 20:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
[2011/12/01 20:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2011/12/01 20:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\eSobi
[2011/12/01 20:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\eSobi
[2011/12/01 20:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2011/12/01 20:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\EgisTec
[2011/12/01 19:59:47 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Acer ePower Management V4
[2011/12/01 19:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2011/12/01 19:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
[2011/12/01 19:54:04 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Macromedia
[2011/12/01 19:54:03 | 000,000,000 | ---D | C] -- C:\Windows\Screensavers
[2011/12/01 19:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2011/12/01 19:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2011/12/01 19:52:33 | 001,380,352 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2011/12/01 19:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2011/12/01 19:52:08 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\InstallShield
[2011/12/01 19:51:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/12/01 19:50:46 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2011/12/01 19:50:46 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/12/01 19:50:46 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/12/01 19:50:45 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011/12/01 19:50:45 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011/12/01 19:50:43 | 000,282,112 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\RTPCEE32.dll
[2011/12/01 19:50:40 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2011/12/01 19:50:40 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2011/12/01 19:50:40 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2011/12/01 19:50:39 | 000,159,232 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2011/12/01 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Temp
[2011/12/01 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/12/01 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Google
[2011/12/01 19:47:26 | 000,000,000 | R--D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/01 19:47:26 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Searches
[2011/12/01 19:47:26 | 000,000,000 | R--D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/12/01 19:47:08 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Identities
[2011/12/01 19:47:01 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Contacts
[2011/12/01 19:46:56 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\VirtualStore
[2011/12/01 19:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2011/12/01 19:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/12/01 19:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\AppData\Local\Temporary Internet Files
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Templates
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Start Menu
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\SendTo
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Recent
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\PrintHood
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\NetHood
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Documents\My Videos
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Documents\My Pictures
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Documents\My Music
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\My Documents
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Local Settings
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\AppData\Local\History
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Cookies
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Application Data
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\AppData\Local\Application Data
[2011/12/01 19:45:00 | 000,000,000 | --SD | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Videos
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Saved Games
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Pictures
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Music
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Links
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Favorites
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Downloads
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Documents
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Desktop
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/01 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Temp
[2011/12/01 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Microsoft
[2011/12/01 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Media Center Programs
[2011/12/01 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData
[2011/12/01 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Acer GameZone Console
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2011/12/01 19:35:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/12/01 19:35:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/12/01 19:34:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/12/01 19:33:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/12/02 10:38:44 | 000,000,162 | -H-- | M] () -- C:\Users\Sharon\Documents\~$virus.rtf
[2011/12/02 10:13:18 | 000,602,478 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/02 10:13:18 | 000,106,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/02 10:05:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 10:05:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 10:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/02 10:05:38 | 3144,552,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 09:54:10 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495262056-2048674864-3694758281-1000UA.job
[2011/12/02 08:24:14 | 006,459,513 | ---- | M] () -- C:\Users\Sharon\Documents\virus.rtf
[2011/12/01 23:23:38 | 001,332,560 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\sbte.dll
[2011/12/01 23:23:38 | 000,308,560 | ---- | M] () -- C:\Windows\System32\vipre.dll
[2011/12/01 23:23:38 | 000,160,768 | ---- | M] () -- C:\Windows\System32\unrar.dll
[2011/12/01 22:42:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/12/01 22:33:24 | 005,077,776 | ---- | M] (Spyware Remover Pro) -- C:\Windows\uninst.exe
[2011/12/01 21:54:35 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495262056-2048674864-3694758281-1000Core.job
[2011/12/01 21:52:00 | 000,002,051 | ---- | M] () -- C:\Users\Sharon\Desktop\Google Chrome.lnk
[2011/12/01 21:52:00 | 000,002,013 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/01 21:51:07 | 000,000,378 | ---- | M] () -- C:\Users\Sharon\Desktop\Documents.lnk
[2011/12/01 21:36:42 | 000,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 21:36:07 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/01 21:04:57 | 000,297,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/01 20:07:47 | 000,000,193 | ---- | M] () -- C:\Windows\USER.XML
[2011/12/01 20:06:07 | 000,000,947 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/01 20:04:10 | 000,000,206 | ---- | M] () -- C:\Windows\Factory.xml
[2011/12/01 20:04:01 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2011/12/01 20:04:01 | 000,000,000 | ---- | M] () -- C:\Windows\setup.INI
[2011/12/01 19:58:29 | 000,000,855 | ---- | M] () -- C:\Windows\regfile_I.cmd
[2011/12/01 19:58:29 | 000,000,255 | ---- | M] () -- C:\Windows\regfile_E.cmd
[2011/12/01 19:53:40 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2011/12/01 19:53:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2011/12/01 19:38:30 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/11/21 11:51:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2011/12/02 10:38:44 | 000,000,162 | -H-- | C] () -- C:\Users\Sharon\Documents\~$virus.rtf
[2011/12/02 08:24:14 | 006,459,513 | ---- | C] () -- C:\Users\Sharon\Documents\virus.rtf
[2011/12/02 03:30:29 | 000,005,029 | --S- | C] () -- C:\Patch.rev
[2011/12/02 03:24:06 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/12/02 03:24:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2011/12/02 03:24:06 | 000,036,064 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2011/12/02 03:24:06 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011/12/02 03:24:06 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2011/12/02 03:24:06 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2011/12/02 03:24:05 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/12/02 03:24:05 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2011/12/01 23:23:38 | 000,308,560 | ---- | C] () -- C:\Windows\System32\vipre.dll
[2011/12/01 23:23:38 | 000,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/12/01 22:42:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/12/01 22:16:45 | 3144,552,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/01 21:52:00 | 000,002,051 | ---- | C] () -- C:\Users\Sharon\Desktop\Google Chrome.lnk
[2011/12/01 21:52:00 | 000,002,013 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/01 21:51:07 | 000,000,378 | ---- | C] () -- C:\Users\Sharon\Desktop\Documents.lnk
[2011/12/01 21:49:33 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495262056-2048674864-3694758281-1000UA.job
[2011/12/01 21:49:32 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495262056-2048674864-3694758281-1000Core.job
[2011/12/01 21:36:40 | 000,000,866 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 21:36:07 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/01 21:24:59 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/01 20:24:33 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/12/01 20:24:33 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/12/01 20:24:33 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/12/01 20:19:44 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/12/01 20:06:07 | 000,000,947 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/01 20:04:01 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2011/12/01 20:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2011/12/01 19:58:45 | 000,000,855 | ---- | C] () -- C:\Windows\regfile_I.cmd
[2011/12/01 19:58:45 | 000,000,255 | ---- | C] () -- C:\Windows\regfile_E.cmd
[2011/12/01 19:53:40 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2011/12/01 19:53:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2011/12/01 19:52:33 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011/12/01 19:52:33 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/12/01 19:52:33 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/12/01 19:52:33 | 000,006,318 | ---- | C] () -- C:\Windows\Suyin.reg
[2011/12/01 19:52:33 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2011/12/01 19:50:48 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2011/12/01 19:50:48 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011/12/01 19:50:48 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011/12/01 19:47:28 | 000,000,953 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/12/01 19:47:25 | 000,000,948 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/01 19:47:00 | 000,000,919 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/12/01 19:45:00 | 000,000,258 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/01 19:45:00 | 000,000,240 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/02/18 18:48:55 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/02/18 11:20:22 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/02/18 11:20:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/11 20:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 20:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 20:03:57 | 000,000,057 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,297,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,602,478 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,106,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/02/18 12:08:05 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Acer GameZone Console
[2011/12/01 20:58:38 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\SoftDMA
[2011/12/01 23:23:50 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Spyware Remover Pro
[2011/12/02 09:57:59 | 000,016,942 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


extra.txt

OTL Extras logfile created on: 02/12/2011 10:36:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sharon\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 62.10% Memory free
6.08 Gb Paging File | 5.05 Gb Available in Paging File | 83.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 186.45 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
Drive D: | 83.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SHARON-PC | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5BE5B60E-E0B7-49EE-A390-03021ACA69A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{612212D1-410E-47B7-B783-A45D254C42AA}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{48426CB5-67EA-4BA0-805C-02EC18E74CD4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{498995AE-8E2B-4517-9D6C-D89D39DA1DC2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F4E0965-BBA5-4870-9894-FFC4F1DDC148}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6E8BDBCB-93B0-4F03-9ADF-2B94E565B54D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{98531B6E-5A0B-455A-830A-874F192B9DFD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{A8CC19F5-1EE9-4AD1-AD37-CC4E2B25222B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B1059DBF-0C99-402C-A6D5-ADF4A968A6F7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D7594AC6-6FE1-4181-A53D-4D38980F7F1F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{EC667A6D-C696-47D4-9D4A-4E98CC50CBB9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/12/2011 03:54:24 | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02/12/2011 03:54:29 | Computer Name = Sharon-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/12/2011 04:18:53 | Computer Name = Sharon-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/12/2011 04:23:37 | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02/12/2011 04:23:37 | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02/12/2011 04:23:38 | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02/12/2011 04:23:39 | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02/12/2011 04:34:51 | Computer Name = Sharon-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/12/2011 06:06:02 | Computer Name = Sharon-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/12/2011 06:36:24 | Computer Name = Sharon-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: c74 Start Time: 01ccb0de0e6c0084 Termination Time: 16

[ System Events ]
Error - 01/12/2011 15:42:42 | Computer Name = Sharon-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 01/12/2011 15:42:42 | Computer Name = Sharon-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 01/12/2011 15:42:42 | Computer Name = Sharon-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 01/12/2011 15:42:42 | Computer Name = Sharon-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 01/12/2011 15:42:42 | Computer Name = Sharon-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 01/12/2011 15:42:42 | Computer Name = Sharon-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 01/12/2011 15:42:42 | Computer Name = Sharon-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 01/12/2011 15:59:05 | Computer Name = Sharon-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 01/12/2011 16:05:41 | Computer Name = Sharon-PC | Source = HTTP | ID = 15016
Description =

Error - 01/12/2011 16:06:43 | Computer Name = Sharon-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Attached Thumbnails

  • PARTITION.jpg
  • MSESSCREEN1.jpg
  • MSESSCREEN2.jpg
  • MSESSCREEN3.jpg
  • MSESSCREEN4.jpg
  • ms se first screen.jpg
  • ms se second screen action remove.jpg
  • ms se third screen action action in progress.jpg
  • ms se fourth screen action action failure.jpg
  • ms se fith screen restart request.jpg
  • ms se sixth screen final screen with error.jpg


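The two OTL reports above are mostly raw data, but every file line has the same fixed shape, so they can be parsed and triaged rather than read by eye. The script below is an added example, not OTL's own code and not something posted in the thread: it parses the `[date | size | attrs | C/M] (Company) -- path` lines, flags files that carry the system or hidden attribute or were newly created in a drive root, and lists creations inside a time window for a quick timeline. The sample lines are copied from the report above; the short allowlist of Windows-managed files is my own assumption and is not an authoritative list. A flag is a prompt to look, not a verdict.

```python
"""Triage the file entries of an OTL log (added example, not OTL's code).

Parses "[date | size | attrs | C/M] (Company) -- path" lines, flags entries
whose attributes or location deserve a manual look, and lists creations in a
time window.  A flag means "check this", not "this is malicious"."""
from __future__ import annotations
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")

# Assumption: a short, author-supplied allowlist of Windows-managed files that
# legitimately carry hidden/system attributes.  Extend it for your own image.
KNOWN_SYSTEM_FILES = {
    r"c:\hiberfil.sys",
    r"c:\pagefile.sys",
    r"c:\windows\bootstat.dat",
}


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str      # OTL flags in the order R H S D, '-' where unset
    kind: str       # C = created, M = modified
    company: str
    path: str


def parse_otl(lines: Iterable[str]) -> list[Entry]:
    """Return one Entry per file line; headers and blanks are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"] or "",
            path=m["path"],
        ))
    return entries


def in_drive_root(path: str) -> bool:
    """True for paths like C:\\something with no further directory."""
    return re.fullmatch(r"[A-Za-z]:\\[^\\]+", path) is not None


def review_reasons(e: Entry) -> list[str]:
    """Why this entry deserves a look; empty list means nothing stood out."""
    if "D" in e.attrs or e.path.lower() in KNOWN_SYSTEM_FILES:
        return []
    reasons = []
    if "S" in e.attrs:
        reasons.append("system attribute set")
    if "H" in e.attrs:
        reasons.append("hidden attribute set")
    if e.kind == "C" and in_drive_root(e.path):
        reasons.append("new file in the drive root")
    return reasons


def triage(entries: Iterable[Entry]) -> list[tuple[str, list[str]]]:
    return [(e.path, r) for e in entries if (r := review_reasons(e))]


def created_between(entries: Iterable[Entry], start: datetime, end: datetime) -> list[Entry]:
    """Files created in [start, end], oldest first: a timeline around an event."""
    return sorted((e for e in entries if e.kind == "C" and start <= e.ts <= end),
                  key=lambda e: e.ts)


# Sample input: lines copied from the OTL report above, plus one section header.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011/12/01 19:38:30 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/11/21 11:51:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2011/12/02 10:38:44 | 000,000,162 | -H-- | C] () -- C:\Users\Sharon\Documents\~$virus.rtf
[2011/12/02 03:30:29 | 000,005,029 | --S- | C] () -- C:\Patch.rev
[2011/12/01 22:16:45 | 3144,552,448 | -HS- | C] () -- C:\hiberfil.sys
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2011/12/01 23:23:50 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Spyware Remover Pro
"""

if __name__ == "__main__":
    entries = parse_otl(SAMPLE_LOG.splitlines())
    for path, reasons in triage(entries):
        print(f"REVIEW {path}: {'; '.join(reasons)}")
    day = datetime(2011, 12, 2)
    for e in created_between(entries, day, datetime(2011, 12, 2, 23, 59, 59)):
        print(f"{e.ts:%Y-%m-%d %H:%M:%S} {e.size:>12,d} {e.attrs} {e.path}")
```

Feed it the whole OTL.txt and Extras.txt and it will ignore everything that is not a file line. The allowlist is deliberately tiny: the point is to surface attribute and location oddities for a human, and a longer allowlist is something you build per Windows version from a clean reference machine.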

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, this is a complex infection, so please print out these instructions and then read them two or three times to ensure that you are happy with what you are doing. If at any stage you are unsure, then stop and ask.

Preferably from a clean computer, I need you to download:
  • gparted-live-0.10.0-3.iso (115.1 MB)
  • Windows 7 32-Bit (x86) Recovery Environment

Create a bootable CD, one for Gparted and one for the Windows 7 Recovery Environment, from the ISO images. You can use ImgBurn to do this.

Now boot from the newly created Gparted CD.

Posted Image
You should be here...
Press ENTER

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Posted Image
Choose your language and press ENTER. English is default [33]

Posted Image
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
Posted Image
According to your logs, the partition that you want to delete is 1 MB.

Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
Posted Image

Now you should be here:
Posted Image

Posted Image
Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:
Posted Image

Now double-click the Posted Image button.

You should receive a small pop up like this:
Posted Image
Choose reboot and then press OK.

Now reboot from the Windows 7 Recovery Environment CD and execute the following commands:

  • bootrec /FixMbr
  • bootrec /FixBoot
  • exit

If the computer still does not boot properly, then from the recovery disc select:

Startup Repair

Once back in Windows.

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.


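The GParted and bootrec steps above come down to three checks: is there a small partition that should not be there, is the boot (active) flag on the OS partition rather than on that small one, and is the MBR boot code the one Windows wrote. The Python below is an added example, not MBRCheck's code and not part of the thread: it parses a 512-byte MBR, lists the partition table, and flags a tiny active partition sitting beside a large inactive one, overlapping entries, non-standard status bytes and entries running past the end of the disk; it also hashes the 440 bytes of boot code so they can be compared with a known-good MBR taken from a clean machine running the same Windows version. The sample MBR is constructed to mirror the layout in the log (a ~223 GiB volume plus a 1 MiB partition), not read from the poster's disk, and the 16 MiB "small partition" threshold is my assumption.

```python
"""Parse a 512-byte MBR and flag partition-table anomalies.

Added example (not MBRCheck, not from the thread): the "is the boot flag on
the OS partition, and is there a tiny extra partition?" check from the
GParted step, done on the raw sector instead of in a GUI."""
from __future__ import annotations
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 440                 # bytes 0-439: boot code; 440-443: disk signature
PT_OFFSET = 446                    # four 16-byte partition entries follow
PT_ENTRY = 16
MBR_SIGNATURE = b"\x55\xaa"        # bytes 510-511
SMALL_PARTITION = 16 * 1024 * 1024 # assumption: no OS volume is this small


@dataclass
class PartitionEntry:
    index: int
    status: int        # 0x80 = active (GParted's "boot" flag), 0x00 = inactive
    type_id: int
    start_lba: int
    sectors: int

    @property
    def active(self) -> bool:
        return self.status == 0x80

    @property
    def size_bytes(self) -> int:
        return self.sectors * SECTOR


def parse_mbr(mbr: bytes) -> list[PartitionEntry]:
    """Return the non-empty partition table entries of a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, start, count = struct.unpack_from(
            "<B3xB3xII", mbr, PT_OFFSET + i * PT_ENTRY)
        if type_id == 0 and count == 0:
            continue
        entries.append(PartitionEntry(i, status, type_id, start, count))
    return entries


def bootcode_digest(mbr: bytes) -> str:
    """SHA-256 of the boot code only, so the disk signature and partition table
    do not disturb a comparison against a known-good MBR from a clean machine."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def find_anomalies(entries: list[PartitionEntry], disk_sectors: int | None = None) -> list[str]:
    findings = []
    active = [e for e in entries if e.active]
    largest = max(entries, key=lambda e: e.sectors, default=None)
    for e in entries:
        if e.status not in (0x00, 0x80):
            findings.append(f"entry {e.index}: non-standard status byte 0x{e.status:02x}")
    if len(active) > 1:
        findings.append("more than one entry carries the active (0x80) flag")
    if entries and not active:
        findings.append("no entry is active; the MBR has no partition to chain-load")
    for e in active:
        if e is not largest and e.size_bytes <= SMALL_PARTITION:
            findings.append(
                f"entry {e.index}: a {e.size_bytes // 2**20} MiB partition is active "
                f"while the {largest.size_bytes // 2**30} GiB partition (entry "
                f"{largest.index}) is not; the boot flag belongs on the OS volume")
    ordered = sorted(entries, key=lambda e: e.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.start_lba + a.sectors > b.start_lba:
            findings.append(f"entries {a.index} and {b.index} overlap")
    if disk_sectors is not None:
        for e in entries:
            if e.start_lba + e.sectors > disk_sectors:
                findings.append(f"entry {e.index} extends past the end of the disk")
    return findings


def build_mbr(table) -> bytes:
    """Assemble an MBR from (active, type_id, start_lba, sectors) tuples.
    Used only to construct the sample below; boot code is left as zeros."""
    mbr = bytearray(SECTOR)
    for i, (active, type_id, start, count) in enumerate(table):
        struct.pack_into("<B3xB3xII", mbr, PT_OFFSET + i * PT_ENTRY,
                         0x80 if active else 0x00, type_id, start, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


# Constructed sample (not a real disk image): a ~223 GiB NTFS volume that has
# lost its active flag, followed by a 1 MiB partition that has gained it.
SAMPLE_MBR = build_mbr([
    (False, 0x07, 2048, 468_000_000),
    (True, 0x07, 468_002_048, 2048),
])

if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print(f"#{p.index} type=0x{p.type_id:02x} active={p.active} "
              f"start={p.start_lba} size={p.size_bytes // 2**20} MiB")
    for f in find_anomalies(parts, disk_sectors=468_004_096):
        print("!!", f)
    print("bootcode sha256:", bootcode_digest(SAMPLE_MBR))
```

To run it against a real disk, read the first 512 bytes of the raw device (`\\.\PhysicalDrive0` from an elevated prompt on Windows, or `/dev/sda` from the GParted live system) and pass them to `parse_mbr`. When a bootkit is suspected, read the sector from the live CD rather than from the infected Windows, since a bootkit that filters disk reads can hand the running OS a clean-looking copy.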
#3 sipeki (Topic Starter, New Member, 5 posts)
Essexboy,

Thanks for the detailed instructions.

I get the following when I log into the forum to download the Windows 7 recovery disk:

sipeki, you do not have permission to access this page. This could be due to one of several reasons:


Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.



No problems with the link gparted-live-0.10.0-3.iso.

Will it be okay to use the Windows Recovery Disk on a Vista system?

Regards,

Sipeki

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
If you have the actual CD then that will work just as well... We only need it to repair the system after removal of the bad partition

#5 sipeki (Topic Starter, New Member, 5 posts)
Hi,

The disks only give the option to restore to factory install or create a new install that does not [email protected] out the existing install. So no data is lost.

There is no option for command screen.

Can someone contact the forum that is hosting the download to give access?

Regards,

Simon

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
MS have forced them to do this, plus they have pulled my other links.

There are torrents available but I will not use those

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt by selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

If you cannot do this, let me know and I should have another link by then.

#7 sipeki (Topic Starter, New Member, 5 posts)
Hi,

Managed to find a copy of Windows 7 32-Bit (x86) Recovery Environment on another site.

Download from here:

http://www.forum.pro...nvironment-iso/

Went through the steps described and the system seems to be clean now.

Have attached the results from MBRCheck.

Thanks EssexBoy

Regards,

Simon


#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Thank you for that link - :thumbsup:


Are you experiencing any problems at the moment, and do Windows Updates work?

#9 sipeki (Topic Starter, New Member, 5 posts)
Hi,

Windows has run a number of updates successfully. MS SE is green. Looks good.

I would say the virus has been dealt with, would you agree?

Regards,

Simon

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.



SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.