Ok here is the aswMBR scan log -
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-17 01:52:27
01:52:27.670 OS Version: Windows 5.1.2600 Service Pack 3
01:52:27.670 Number of processors: 1 586 0x402
01:52:27.670 ComputerName: KRIS-9D594FBFC9 UserName: Kris
01:52:29.853 Initialize success
01:56:11.362 The log file has been saved successfully to “C:\Documents and Settings\Kris\Desktop\aswMBR.txt”
And here is the results from the MalWareBytes scans, first is a quick second is a full -
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6580
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
5/14/2011 9:58:20 PM
mbam-log-2011-05-14 (21-58-01).txt
Scan type: Quick scan
Objects scanned: 136759
Time elapsed: 9 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\msvbdl.dll (Trojan.Hiloti) → No action taken.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) → No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) → No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jsijeboqutuna (Trojan.Hiloti) → Value: Jsijeboqutuna → No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\msvbdl.dll (Trojan.Hiloti) → No action taken.
c:\downloads\webfettisetup2.3.67.1.zkfox000.exe (Adware.MyWebSearch) → No action taken.
c:\downloads\zwinkysetup2.3.67.1.zjfox000.exe (Adware.MyWebSearch) → No action taken.
c:\documents and settings\Kris\local settings\Temp\aecxomwsrn.tmp (Trojan.Hiloti) → No action taken.
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6580
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
5/14/2011 11:10:49 PM
mbam-log-2011-05-14 (23-10-40).txt
Scan type: Full scan (C:|)
Objects scanned: 198212
Time elapsed: 46 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\daemon tools pro\daemon.tools.pro.patch.exe (Trojan.Agent) → No action taken.
I have no idea why it says ‘No Action Taken’ they were all quarenteened.