Infected with backdoor.tdss.565 - I THINK!


  • This topic is locked
25 replies to this topic

#1 lizzieintn

  • Members
  • 17 posts

Posted 27 August 2010 - 09:56 AM

As requested per setup instructions, I have executed GMER and DDS. I am not sure that GMER executed all the way through, but I will post what log I do have. Since I was following a method to eradicate this infection from another site, I have also executed Combofix (I know now I was not supposed to, so please don't chastise me!), so I will also post that too. It seems that Combofix did not actually perform any actions, but it told me the most about what the infection has done to my PC. I have also executed Dr. Web Cureit and this is what identified the infection as backdoor.tdss.565, but I have my doubts as to whether that is what it really is, as software like tdsskiller from Kaspersky finds nothing.

Most malware scanners find nothing at all. Malwarebytes has never found anything. I have AVG installed, but of course it did not find anything. I have executed MBRcheck and it does find a fake MBR, but it also does not fix it even when I follow the instructions to do so. It seems it doesn't do much good to have all this protection software if it doesn't find anything! This is the first infection I have ever had on my PC.

I have a data backup from 8/14 before I started having any issues, but I cannot perform another backup via the Vista backup because it thinks that my C and D drives are missing. The 8/14 backup will suffice as I had not done much to add to my PC between 8/14 and the onset of this infection.

SYMPTOMS: BSOD at startup when the desktop comes up - most of the time, but not always - and the message changes, and sometimes there is no message other than that the PC was shut down to prevent damage. Web site redirection - even when I type in the URL. If I retype it, I can get it back. Always redirect on Google searches. As expected, very slow PC response. Microsoft security updates will not install - other updates from Microsoft not related to security will install. I can run in safe mode without getting BSOD, but the browser redirects still happen. Even if I do get it to boot normally, I will likely experience BSOD at some point - sooner or later. IE 8 will not install.

I am fairly PC savvy and am the one that my family turns to when they have PC issues and I can usually fix them...but this I cannot fix as it seems it requires deeper knowledge of computers than what I have! I just fixed my granddaughter's PC and was able to get her data reloaded. I am certainly not at the level you guys are, but I can at least speak the language! I have looked at other posts in the forums that seem to be the same infection, but none of them seem to be exactly the same as what I am experiencing. I saw one that seemed to be exactly what I was experiencing - but they executed tdsskiller from Kaspersky and that fixed it - the same software finds nothing on my PC.

I also opened a ticket with Microsoft, which was related to the security updates not installing, and 2 days later I began experiencing the issues noted above. I spent a while on the phone with them yesterday, and they were trying to do the same things that I have already done - so they were of little help. I think they are going to want me to reinstall Vista but I want to avoid this if at all possible.

Please help!!!

DDS log:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Liz at 7:43:47.16 on Thu 08/26/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.2375 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Liz\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.att.net/
mStart Page = hxxp://www.dell4me.com/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [cdloader] "c:\users\liz\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
StartupFolder: c:\users\liz\appdata\roaming\micros~1\windows\startm~1\programs\startup\intern~1.lnk - c:\program files\internet explorer\iexplore.exe
StartupFolder: c:\users\liz\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{91120000-0030-0000-0000-0000000ff1ce}\outicon.exe
StartupFolder: c:\users\liz\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: comodo.com\secure
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://67.33.42.5/cab/OCXChecker_8198.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://67.33.42.5/cab/DownloadCenter_8200.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-21 243024]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-6 27632]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-21 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-21 29584]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-22 73728]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-6 90112]
S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2008-10-19 18690]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\drivers\csrbc01.sys [2008-5-29 83124]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-22 30192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-26 02:41:45 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2010-08-25 05:47:36 0 d-----w- C:\$RECYCLE.BIN
2010-08-25 01:41:57 0 d-----w- C:\_OTL
2010-08-23 03:45:34 0 d-----w- c:\users\liz\DoctorWeb
2010-08-22 14:49:50 65536 --sha-w- c:\users\liz\ntuser.dat{149ad336-adef-11df-a5ff-e24a27efb690}.TM.blf
2010-08-22 14:49:50 524288 --sha-w- c:\users\liz\ntuser.dat{149ad336-adef-11df-a5ff-e24a27efb690}.TMContainer00000000000000000002.regtrans-ms
2010-08-22 14:49:50 524288 --sha-w- c:\users\liz\ntuser.dat{149ad336-adef-11df-a5ff-e24a27efb690}.TMContainer00000000000000000001.regtrans-ms
2010-08-22 05:34:54 0 d-----w- c:\users\liz\appdata\roaming\DataSafeOnline
2010-08-22 03:51:21 0 d-----w- c:\program files\UnHackMe
2010-08-22 03:30:47 65536 --sha-w- c:\users\liz\ntuser.dat{0ecf1a7d-ad98-11df-81cc-001d09c7b142}.TM.blf
2010-08-22 03:30:47 524288 --sha-w- c:\users\liz\ntuser.dat{0ecf1a7d-ad98-11df-81cc-001d09c7b142}.TMContainer00000000000000000002.regtrans-ms
2010-08-22 03:30:47 524288 --sha-w- c:\users\liz\ntuser.dat{0ecf1a7d-ad98-11df-81cc-001d09c7b142}.TMContainer00000000000000000001.regtrans-ms
2010-08-22 00:47:27 0 d-----w- C:\ComboFix
2010-08-21 19:33:58 377635 ----a-w- C:\MGlogs.zip
2010-08-21 19:21:16 0 d-----w- C:\MGtools
2010-08-21 15:25:33 0 ----a-w- c:\users\liz\defogger_reenable
2010-08-21 14:27:56 0 d-----w- c:\program files\common files\Java(4)
2010-08-20 15:00:35 65536 --sha-w- c:\users\liz\ntuser.dat{bc9019bc-ac69-11df-ba2b-001d09c7b142}.TM.blf
2010-08-20 15:00:35 524288 --sha-w- c:\users\liz\ntuser.dat{bc9019bc-ac69-11df-ba2b-001d09c7b142}.TMContainer00000000000000000002.regtrans-ms
2010-08-20 15:00:35 524288 --sha-w- c:\users\liz\ntuser.dat{bc9019bc-ac69-11df-ba2b-001d09c7b142}.TMContainer00000000000000000001.regtrans-ms
2010-08-16 15:19:04 0 d-----w- C:\Mount
2010-08-16 15:16:19 0 d-----w- c:\program files\Windows Imaging
2010-08-16 03:40:41 0 d-----w- c:\program files\Windows AIK
2010-08-14 19:54:26 0 d-----w- c:\program files\WinImage
2010-08-14 16:21:58 0 d-----w- c:\program files\Yahoo!
2010-08-14 01:45:49 0 d-----w- c:\program files\View22
2010-08-12 19:15:56 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-12 19:15:54 274432 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 19:13:13 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 19:13:11 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 19:13:09 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 19:13:09 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 19:13:04 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 19:13:01 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 19:13:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 19:12:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-28 15:16:15 140392 ----a-w- c:\windows\system32\drivers\pci.sys
2010-07-28 15:11:04 98816 ----a-w- c:\windows\sed.exe
2010-07-28 15:11:04 77312 ----a-w- c:\windows\MBR.exe
2010-07-28 15:11:04 256512 ----a-w- c:\windows\PEV.exe
2010-07-28 15:11:04 161792 ----a-w- c:\windows\SWREG.exe
2010-07-28 14:09:14 0 d-----w- c:\users\liz\appdata\roaming\Malwarebytes
2010-07-28 14:08:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 14:08:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 14:08:49 0 d-----w- c:\programdata\Malwarebytes
2010-07-28 14:08:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 15:00:53 0 d-----w- c:\users\liz\appdata\roaming\SUPERAntiSpyware.com
2010-07-27 15:00:53 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-27 15:00:33 0 d-----w- c:\program files\SUPERAntiSpyware(62)
2010-07-27 15:00:33 0 d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2010-08-25 04:29:42 6604 ----a-w- c:\windows\bthservsdp.dat
2010-07-25 15:32:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:52:27 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:52:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:51:26 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-06 02:50:28 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-06 02:50:27 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-06 02:45:14 143360 ----a-w- c:\windows\inf\infstor.dat
2009-01-21 01:27:30 174 --sha-w- c:\program files\desktop.ini
2009-01-21 01:11:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-16 02:29:46 2048 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
2009-03-16 02:29:46 2048 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
2010-05-25 14:16:41 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2010-05-25 14:18:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052520100526\index.dat
2008-04-23 05:38:16 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
2006-09-18 21:43:37 10 --sha-w- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\config.sys
2006-09-18 21:43:37 10 --sha-w- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\config.sys

============= FINISH: 7:44:03.45 ===============

GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-26 07:43:28
Windows 6.0.6001 Service Pack 1
Running: rkmyrjkh-gmer.exe; Driver: C:\Users\Liz\AppData\Local\Temp\pwldapow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtProtectVirtualMemory 772F8968 5 Bytes JMP 0064000A
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtWriteVirtualMemory 772F92A8 5 Bytes JMP 0065000A
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!KiUserExceptionDispatcher 772F99E8 5 Bytes JMP 0063000A
.text C:\Windows\system32\svchost.exe[964] ole32.dll!CoCreateInstance 76F0E188 5 Bytes JMP 009F000A
.text C:\Windows\system32\svchost.exe[964] USER32.dll!GetCursorPos 76E30F5E 5 Bytes JMP 00EF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] ntdll.dll!NtProtectVirtualMemory 772F8968 5 Bytes JMP 0024000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] ntdll.dll!NtWriteVirtualMemory 772F92A8 5 Bytes JMP 0025000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] ntdll.dll!KiUserExceptionDispatcher 772F99E8 5 Bytes JMP 001F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!DialogBoxIndirectParamW 76E1BD25 5 Bytes JMP 71A15BD3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!DialogBoxParamW 76E31FD5 5 Bytes JMP 71A15B5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!DialogBoxParamA 76E580B2 5 Bytes JMP 71A15B98 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!DialogBoxIndirectParamA 76E583DD 5 Bytes JMP 71A15C0E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!MessageBoxIndirectA 76E6D471 5 Bytes JMP 71A15B19 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!MessageBoxIndirectW 76E6D56B 5 Bytes JMP 71A15AD5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!MessageBoxExA 76E6D5D1 5 Bytes JMP 71A15A9B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!MessageBoxExW 76E6D5F5 5 Bytes JMP 71A15A61 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtProtectVirtualMemory 772F8968 5 Bytes JMP 008D000A
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtWriteVirtualMemory 772F92A8 5 Bytes JMP 008F000A
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!KiUserExceptionDispatcher 772F99E8 5 Bytes JMP 008C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] ntdll.dll!NtProtectVirtualMemory 772F8968 5 Bytes JMP 0021000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] ntdll.dll!NtWriteVirtualMemory 772F92A8 5 Bytes JMP 0022000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] ntdll.dll!KiUserExceptionDispatcher 772F99E8 5 Bytes JMP 0020000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] USER32.dll!DialogBoxIndirectParamW 76E1BD25 5 Bytes JMP 71A15BD3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] USER32.dll!DialogBoxParamW 76E31FD5 5 Bytes JMP 71A15B5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] USER32.dll!DialogBoxParamA 76E580B2 5 Bytes JMP 71A15B98 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] USER32.dll!DialogBoxIndirectParamA 76E583DD 5 Bytes JMP 71A15C0E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] USER32.dll!MessageBoxIndirectA 76E6D471 5 Bytes JMP 71A15B19 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] USER32.dll!MessageBoxIndirectW 76E6D56B 5 Bytes JMP 71A15AD5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] USER32.dll!MessageBoxExA 76E6D5D1 5 Bytes JMP 71A15A9B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2548] USER32.dll!MessageBoxExW 76E6D5F5 5 Bytes JMP 71A15A61 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\fastfat \Fat 9BA87A7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001cd8015bdd
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ae46f43
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ae46f43@001bafd6294f 0x5A 0xA7 0x9B 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ae46f43@001adca2ed8e 0xEA 0x44 0x5D 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ae46f43@001cd48fe620 0xBE 0x2B 0x12 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ae46f43@00197f4b8f1e 0xE3 0xD8 0xB3 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001cd8015bdd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f3ae46f43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f3ae46f43@001bafd6294f 0x5A 0xA7 0x9B 0x72 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f3ae46f43@001adca2ed8e 0xEA 0x44 0x5D 0xC0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f3ae46f43@001cd48fe620 0xBE 0x2B 0x12 0xC0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f3ae46f43@00197f4b8f1e 0xE3 0xD8 0xB3 0xD6 ...

---- EOF - GMER 1.0.15 ----

COMBOFIX log:
ComboFix 10-08-24.0A - Liz 08/25/2010 0:28.5.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.3187 [GMT -5:00]
Running from: c:\users\Liz\Downloads\Combo.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wininit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.

2010-08-25 05:47 . 2010-08-25 05:48 -------- d-----w- c:\users\Liz\AppData\Local\temp
2010-08-25 05:47 . 2010-08-25 05:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-25 05:47 . 2010-08-25 05:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-25 05:09 . 2010-08-25 05:10 -------- d-----w- C:\32788R22FWJFW
2010-08-25 01:41 . 2010-08-25 01:41 -------- d-----w- C:\_OTL
2010-08-23 03:45 . 2010-08-23 13:41 -------- d-----w- c:\users\Liz\DoctorWeb
2010-08-22 05:34 . 2010-08-22 05:34 -------- d-----w- c:\users\Liz\AppData\Roaming\DataSafeOnline
2010-08-22 03:51 . 2010-08-22 03:53 -------- d-----w- c:\program files\UnHackMe
2010-08-22 00:47 . 2010-08-25 02:25 -------- d-----w- C:\ComboFix
2010-08-21 19:33 . 2010-08-21 19:50 377635 ----a-w- C:\MGlogs.zip
2010-08-21 19:21 . 2010-08-21 19:50 -------- d-----w- C:\MGtools
2010-08-21 14:27 . 2010-08-21 14:27 -------- d-----w- c:\program files\Common Files\Java(4)
2010-08-16 15:19 . 2010-08-16 15:19 -------- d-----w- C:\Mount
2010-08-16 15:16 . 2010-08-16 15:16 -------- d-----w- c:\program files\Windows Imaging
2010-08-16 03:40 . 2010-08-16 15:16 -------- d-----w- c:\program files\Windows AIK
2010-08-15 20:05 . 2010-08-15 20:55 -------- d-----w- c:\users\Liz\AppData\Roaming\ImgBurn
2010-08-15 19:41 . 2010-08-15 19:41 -------- d-----w- c:\program files\ImgBurn
2010-08-14 19:54 . 2010-08-14 19:54 -------- d-----w- c:\program files\WinImage
2010-08-14 16:22 . 2010-08-14 16:22 -------- d-----w- c:\users\Liz\AppData\Roaming\Yahoo!
2010-08-14 16:21 . 2010-08-16 15:04 -------- d-----w- c:\program files\Yahoo!
2010-08-14 01:46 . 2010-08-14 01:46 -------- d-----w- c:\users\Liz\AppData\Local\view22
2010-08-14 01:45 . 2010-08-14 01:45 -------- d-----w- c:\program files\View22
2010-08-12 19:15 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-12 19:15 . 2010-06-11 15:31 274432 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 19:13 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 19:13 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 19:13 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 19:13 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 19:13 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 19:13 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 19:13 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 19:12 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-28 15:16 . 2006-11-02 09:50 140392 ----a-w- c:\windows\system32\drivers\pci.sys
2010-07-28 14:09 . 2010-07-28 14:09 -------- d-----w- c:\users\Liz\AppData\Roaming\Malwarebytes
2010-07-28 14:08 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 14:08 . 2010-07-28 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-28 14:08 . 2010-07-28 14:08 -------- d-----w- c:\progra~2\Malwarebytes
2010-07-28 14:08 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 15:02 . 2010-07-27 15:02 63488 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-27 15:02 . 2010-07-27 15:02 52224 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-27 15:01 . 2010-07-27 15:01 117760 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-27 15:00 . 2010-07-27 15:00 -------- d-----w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com
2010-07-27 15:00 . 2010-07-27 15:00 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-07-27 15:00 . 2010-08-22 20:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-27 15:00 . 2010-08-22 04:43 -------- d-----w- c:\program files\SUPERAntiSpyware(62)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 04:29 . 2008-04-22 21:52 6604 ----a-w- c:\windows\bthservsdp.dat
2010-08-25 03:59 . 2010-06-17 04:00 0 ----a-w- c:\users\Liz\AppData\Local\prvlcl.dat
2010-08-25 02:04 . 2008-05-19 13:19 6540 ----a-w- c:\users\Liz\AppData\Local\d3d9caps.dat
2010-08-24 20:33 . 2009-10-04 16:01 -------- d-----w- c:\program files\honestech VHS to DVD 4.0 Plus
2010-08-22 14:45 . 2008-08-29 17:34 -------- d-----w- c:\program files\iTunes
2010-08-22 14:41 . 2008-04-22 22:00 -------- d-----w- c:\program files\Java
2010-08-22 14:41 . 2009-03-14 01:24 -------- d-----w- c:\program files\EfficientDiary
2010-08-22 14:41 . 2008-09-27 17:05 -------- d-----w- c:\program files\INITIO
2010-08-22 14:41 . 2008-08-29 17:34 -------- d-----w- c:\program files\iPod
2010-08-22 14:41 . 2008-04-22 22:00 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 13:52 . 2008-08-29 17:32 -------- d-----w- c:\progra~2\Apple Computer
2010-08-16 15:06 . 2008-10-23 15:24 -------- d-----w- c:\progra~2\WinZip
2010-08-14 19:39 . 2009-09-06 18:03 -------- d-----w- c:\progra~2\Roxio
2010-08-13 08:05 . 2009-11-27 22:34 -------- d-----w- c:\progra~2\Microsoft Help
2010-08-13 08:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-05 13:00 . 2008-08-28 17:17 -------- d-----w- c:\progra~2\Avanquest Bluetooth SDK
2010-07-25 15:32 . 2010-07-25 15:33 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-23 20:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-15 13:52 . 2009-06-21 23:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:52 . 2010-07-15 13:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:51 . 2009-06-21 23:11 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-01 21:03 . 2008-05-08 14:51 -------- d-----w- c:\users\Liz\AppData\Roaming\ZoomBrowser EX
2010-07-01 21:03 . 2008-04-29 23:24 -------- d-----w- c:\progra~2\ZoomBrowser
2010-06-03 03:21 . 2009-06-21 23:11 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-03-16 02:29 . 2009-03-14 20:04 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-03-16 02:29 . 2009-03-14 20:04 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2008-04-23 05:38 . 2008-04-23 05:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
2006-09-18 21:43 . 2006-11-02 06:25 10 --sha-w- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\config.sys
2006-09-18 21:43 . 2006-11-02 06:25 10 --sha-w- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\config.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"cdloader"="c:\users\Liz\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-12-24 50520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-12 101136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-02 30192]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Internet Explorer.lnk - c:\program files\Internet Explorer\iexplore.exe [2009-6-10 634632]
Microsoft Office Outlook 2007.lnk - c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2009-11-27 845584]
OneNote Table Of Contents.onetoc2 [2009-12-15 3656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Button Manager v1.874.lnk]
backup=c:\windows\pss\Button Manager v1.874.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer AE 1.0.lnk]
backup=c:\windows\pss\HD Writer AE 1.0.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Bluetooth Laser Mobile Mouse.lnk]
backup=c:\windows\pss\HP Bluetooth Laser Mobile Mouse.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPoint.lnk]
backup=c:\windows\pss\SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
backup=c:\windows\pss\TotalMedia Backup Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Liz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^E-mail.lnk]
backup=c:\windows\pss\E-mail.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Liz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\Drivers\usbhsb.sys [2001-12-17 18690]
R3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\Drivers\CSRBC01.sys [2008-05-29 83124]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-02 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:04]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:04]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.att.net/
mStart Page = hxxp://www.dell4me.com/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: comodo.com\secure
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://67.33.42.5/cab/OCXChecker_8198.cab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://67.33.42.5/cab/DownloadCenter_8200.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 00:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F2BACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8c1a0322
\Driver\ACPI -> acpi.sys @ 0x82a9fd4c
\Driver\atapi -> ataport.SYS @ 0x82d6c9a8
\Driver\iaStor -> iastor.sys @ 0x82cabc1a
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-25 00:50:18
ComboFix-quarantined-files.txt 2010-08-25 05:50
ComboFix2.txt 2010-07-28 16:22

Pre-Run: 60,813,881,344 bytes free
Post-Run: 60,744,015,872 bytes free

- - End Of File - - 99D8469309D18028F4A0D54BB5F72936

Edited by lizzieintn, 27 August 2010 - 10:16 AM.
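An added triage helper, written here and not part of the original post or of Gmer's tools, that parses the "Stealth MBR rootkit detector" block from the ComboFix log above and turns it into a structured finding. The sample text is copied from the post; the line regexes and the verdict labels are my assumptions about the detector's output format, chosen so that the unattributed `>>UNKNOWN [0x...]<<` entry in the disk call chain is surfaced even though both MBR reads compare OK.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: the Gmer "Stealth MBR rootkit detector" block copied
# from the ComboFix log posted above, used here as offline test input.
SAMPLE_REPORT = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F2BACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8c1a0322
\Driver\ACPI -> acpi.sys @ 0x82a9fd4c
\Driver\atapi -> ataport.SYS @ 0x82d6c9a8
\Driver\iaStor -> iastor.sys @ 0x82cabc1a
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
"""

# Assumed line shapes (my reading of the detector's output, not a documented format).
STATUS_RE = re.compile(r"^(device|user|kernel):\s*(.+)$")
UNKNOWN_RE = re.compile(r">>(\w+)\s*\[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s*->\s*(\S+)\s*@\s*(0x[0-9A-Fa-f]+)$")


@dataclass
class MbrReport:
    status: Dict[str, str] = field(default_factory=dict)   # device/user/kernel read results
    call_chain: List[str] = field(default_factory=list)    # images in the disk I/O path
    unknown_modules: List[Tuple[str, str]] = field(default_factory=list)  # (label, address)
    hooks: List[Tuple[str, str, str]] = field(default_factory=list)       # (driver, image, address)
    mbr_ok: bool = False

    @property
    def verdict(self) -> str:
        # A return address the detector could not attribute to any loaded driver
        # image is the finding to act on, even when the user-mode and kernel-mode
        # MBR reads agree: an on-disk compare that passes says nothing about code
        # sitting in the I/O path between the disk class driver and the hardware.
        if self.unknown_modules:
            return "suspicious"
        if not self.mbr_ok:
            return "inconclusive"
        return "clean"


def triage_mbr_report(text: str) -> MbrReport:
    """Parse one detector block into an MbrReport."""
    rep = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = STATUS_RE.match(line)
        if m:
            rep.status[m.group(1)] = m.group(2)
            continue
        if line.startswith("called modules:"):
            chain = line[len("called modules:"):]
            rep.unknown_modules = UNKNOWN_RE.findall(chain)
            # Drop the >>X [addr]<< markers so the chain is a clean list of image names.
            rep.call_chain = UNKNOWN_RE.sub("", chain).split()
            continue
        m = HOOK_RE.match(line)
        if m:
            rep.hooks.append((m.group(1), m.group(2), m.group(3)))
            continue
        if line.startswith("IoDeviceObjectType") and line.endswith("user & kernel MBR OK"):
            rep.mbr_ok = True
    return rep


def findings(rep: MbrReport) -> List[str]:
    """Human-readable lines a responder would paste into a triage note."""
    out = []
    for label, addr in rep.unknown_modules:
        out.append(f"disk I/O call chain ends in unattributed code: {label} at {addr}")
    for driver, image, addr in rep.hooks:
        out.append(f"{driver} dispatch -> {image} @ {addr}")
    out.append("user/kernel MBR views agree" if rep.mbr_ok else "MBR comparison did not report OK")
    return out


if __name__ == "__main__":
    report = triage_mbr_report(SAMPLE_REPORT)
    print("verdict:", report.verdict)
    for line in findings(report):
        print(" -", line)
```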



#2 gringo_pr
Malware Response Team
Posted 02 September 2010 - 12:12 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having, as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is ok, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1. logs from DDS
      2. log from RKUnHooker
      3. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr
Malware Response Team
Posted 05 September 2010 - 12:28 AM

Hello

three day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo


#4 lizzieintn (Topic Starter)
Posted 05 September 2010 - 02:49 AM

Gringo,
I am sorry I did not reply sooner - I did not receive an email notification of a reply to my post until just today. I had been checking the forum religiously up until about 3 days ago...I had basically given up that I would receive a reply!

Much has happened since I posted this because I needed to get my computer in working order. I was able to determine that my computer had an MBR infection. I was able to boot up with a Vista installation DVD and execute bootrec with the fix parameter to fix the MBR. I then executed a Vista upgrade in place. I was still having trouble installing Microsoft updates so I continued my dialogue with Microsoft but they were really of no help. Their solution was to suggest a clean install of Vista, which I am trying to avoid. My computer is slow at times and it seems I can only install one Microsoft update at a time, but the security updates will install. I did execute a fix I found on the Microsoft web site after encountering an update error code that indicated their fix would resolve. Jury is still out as to whether the fix has helped much, although I think it has at least helped somewhat. Only one BSOD since the Vista upgrade and that was during the installation of a Microsoft update.

I am thinking there may still be some things lurking in my computer that are interfering with the Microsoft updates and causing it to be slow at times, so I am thinking that I need to rerun and let you look at the logs to see if you see anything suspicious. My computer is much better than it was, but I am not sure it is completely cured. Perhaps you can help me determine if I now have a healthy computer...or not.

Shall I rerun and repost the logs?

Thanks for being willing to help me...it has been a rough week!

#5 gringo_pr
Malware Response Team
Posted 05 September 2010 - 02:59 AM

Hello

Yes, do send me the logs, as it would not hurt.

gringo

#6 lizzieintn (Topic Starter)
Posted 05 September 2010 - 12:16 PM

I have rerun and created the logs as you requested...and here they are:

DDS LOG:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Liz at 11:48:43.72 on Sun 09/05/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.2105 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Liz\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.att.net/
mStart Page = hxxp://www.dell4me.com/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [cdloader] "c:\users\liz\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
StartupFolder: c:\users\liz\appdata\roaming\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\program files\internet explorer\iexplore.exe
StartupFolder: c:\users\liz\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{91120000-0030-0000-0000-0000000ff1ce}\outicon.exe
StartupFolder: c:\users\liz\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: comodo.com\secure
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://67.33.42.5/cab/OCXChecker_8198.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://67.33.42.5/cab/DownloadCenter_8200.cab
TCP: {7D021E84-2A7D-44DD-9AAF-8E08CBC92E89} = 172.18.145.103 172.18.145.103
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-8-28 30320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-21 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-21 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-21 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-9-1 73728]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-6 90112]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-8-28 69736]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-8-28 24400]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-9-1 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-22 30192]
S3 Normandy;Normandy SR2;c:\windows\system32\drivers\Normandy.sys [2010-8-25 34560]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-05 16:47:26 0 ----a-w- c:\users\liz\defogger_reenable
2010-09-04 19:28:46 0 d-----w- c:\windows\system32\catroot2
2010-09-04 07:18:28 0 d-sh--w- C:\$RECYCLE.BIN
2010-09-03 20:28:33 0 d-----w- c:\program files\Microsoft Easy Assist
2010-09-03 20:27:08 0 d-----w- c:\programdata\Applications
2010-09-03 17:30:44 0 d-----w- c:\windows\system32\SPReview
2010-09-02 21:55:53 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-09-02 21:55:46 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-09-02 21:55:09 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-09-02 21:55:09 94720 ----a-w- c:\windows\system32\logagent.exe
2010-09-02 21:55:05 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-09-02 21:55:00 269312 ----a-w- c:\windows\system32\es.dll
2010-09-02 21:54:58 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-09-02 21:53:24 220160 ----a-w- c:\windows\system32\drivers\bthport.sys
2010-09-02 21:53:23 29184 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2010-09-02 21:53:23 181760 ----a-w- c:\windows\system32\fsquirt.exe
2010-09-02 21:52:46 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-09-02 21:43:08 90112 ----a-w- c:\windows\system32\wshext.dll
2010-09-02 21:43:08 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-09-02 21:43:08 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-09-02 21:43:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-09-02 21:43:08 155648 ----a-w- c:\windows\system32\wscript.exe
2010-09-02 21:43:08 135168 ----a-w- c:\windows\system32\wshom.ocx
2010-09-02 21:43:08 135168 ----a-w- c:\windows\system32\cscript.exe
2010-09-02 21:40:48 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-09-02 21:39:48 1645568 ----a-w- c:\windows\system32\connect.dll
2010-09-02 21:28:48 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-09-02 21:27:47 281600 ----a-w- c:\windows\system32\raschap.dll
2010-09-02 21:27:47 244224 ----a-w- c:\windows\system32\rastls.dll
2010-09-02 21:27:04 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-09-02 21:25:45 1334272 ----a-w- c:\windows\system32\msxml6.dll
2010-09-02 21:06:09 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-09-02 21:06:09 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-09-02 21:06:09 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-09-02 21:06:09 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-09-02 21:06:09 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-09-02 21:06:09 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-09-02 21:06:09 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-09-02 21:06:09 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-09-02 21:06:09 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-09-02 21:06:09 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-09-02 21:05:21 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-09-02 21:04:57 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-09-02 21:04:56 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-09-02 21:04:55 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-09-02 21:04:55 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-09-02 21:04:54 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-02 20:47:40 524288 --sha-w- c:\users\liz\ntuser.dat{29547688-b6d3-11df-937a-001f3ae46f43}.TMContainer00000000000000000002.regtrans-ms
2010-09-02 20:47:40 524288 --sha-w- c:\users\liz\ntuser.dat{29547688-b6d3-11df-937a-001f3ae46f43}.TMContainer00000000000000000001.regtrans-ms
2010-09-02 20:47:39 65536 --sha-w- c:\users\liz\ntuser.dat{29547688-b6d3-11df-937a-001f3ae46f43}.TM.blf
2010-09-02 18:27:22 2868224 ----a-w- c:\windows\system32\mf.dll
2010-09-02 18:26:48 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-09-02 18:26:48 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-09-02 18:25:44 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-09-02 17:33:33 65536 --sha-w- c:\users\liz\ntuser.dat{0a03442b-b6b8-11df-956f-001f3ae46f43}.TM.blf
2010-09-02 17:33:33 524288 --sha-w- c:\users\liz\ntuser.dat{0a03442b-b6b8-11df-956f-001f3ae46f43}.TMContainer00000000000000000002.regtrans-ms
2010-09-02 17:33:33 524288 --sha-w- c:\users\liz\ntuser.dat{0a03442b-b6b8-11df-956f-001f3ae46f43}.TMContainer00000000000000000001.regtrans-ms
2010-09-02 05:23:59 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-09-02 05:23:50 98304 ----a-w- c:\windows\system32\cabview.dll
2010-09-02 05:11:32 20 --sh--w- c:\users\liz\ntuser.ini
2010-09-02 05:09:43 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-09-02 05:09:08 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-09-02 05:08:51 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-09-02 05:08:51 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-09-02 03:09:35 0 d-----w- c:\windows\Panther
2010-09-02 03:09:10 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2010-09-02 03:09:10 16480 ----a-w- c:\windows\system32\rixdicon.dll
2010-09-02 03:09:06 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-09-02 03:09:06 43520 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-09-02 03:09:00 32256 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-09-02 03:07:10 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-09-02 03:06:52 595456 ----a-w- c:\windows\system32\stapo.dll
2010-09-02 03:06:52 492544 ----a-w- c:\windows\system32\ctapo32.dll
2010-09-02 03:06:52 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-09-02 03:06:52 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-09-02 03:06:52 328704 ----a-w- c:\windows\system32\stcplx.dll
2010-09-02 03:06:52 299520 ----a-w- c:\windows\system32\stapi32.dll
2010-09-02 03:06:52 146944 ----a-w- c:\windows\system32\st325614.dll
2010-09-02 03:04:58 24 ---ha-w- c:\windows\dell_version
2010-09-02 03:04:58 0 d-----w- c:\windows\system32\OEM
2010-09-02 02:47:11 0 d-----w- C:\$WINDOWS.~Q
2010-09-02 02:24:26 0 d-----w- C:\$INPLACE.~TR
2010-09-02 00:59:37 0 d-----w- c:\programdata\Hewlett-Packard
2010-09-02 00:59:35 0 d-----w- c:\programdata\HP
2010-09-02 00:58:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-09-02 00:58:47 3308 ----a-w- c:\windows\bthservsdp.dat
2010-09-02 00:58:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-09-02 00:58:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-09-02 00:57:11 0 d-----w- c:\program files\CONEXANT
2010-09-02 00:56:56 0 d-----w- c:\program files\Sigmatel
2010-09-02 00:56:54 73728 ----a-w- c:\windows\system32\AEstSrv.exe
2010-09-02 00:56:54 647168 ----a-w- c:\windows\system32\aestecap.dll
2010-09-02 00:56:54 53248 ----a-w- c:\windows\system32\aestaren.dll
2010-09-02 00:56:54 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2010-09-02 00:56:54 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-09-02 00:56:54 131072 ----a-w- c:\windows\system32\aestacap.dll
2010-09-02 00:56:54 102400 ----a-w- c:\windows\system32\stacsv.exe
2010-09-02 00:56:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-09-02 00:56:49 0 d-----w- c:\program files\DellTPad
2010-09-02 00:21:11 0 d-----w- C:\found.008
2010-09-01 23:11:44 8192 --s-a-r- C:\BOOTSECT.BAK
2010-09-01 21:18:15 1887 ----a-w- c:\windows\diagwrn.xml
2010-09-01 21:18:15 1887 ----a-w- c:\windows\diagerr.xml
2010-09-01 00:05:03 81920 ----a-w- c:\users\liz\remover.exe
2010-08-28 15:04:06 69736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-08-28 15:04:06 68120 ----a-w- c:\windows\system32\PxSecure.dll
2010-08-28 15:04:06 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-08-28 15:04:06 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-08-28 15:04:05 0 d-----w- c:\program files\Prevx
2010-08-28 15:03:49 0 d-----w- c:\programdata\PrevxCSI
2010-08-28 15:03:48 48 ----a-w- c:\windows\wininit.ini
2010-08-26 20:16:54 0 d-----w- C:\ea
2010-08-26 02:41:45 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2010-08-25 01:41:57 0 d-----w- C:\_OTL
2010-08-23 03:45:34 0 d-----w- c:\users\liz\DoctorWeb
2010-08-22 05:34:54 0 d-----w- c:\users\liz\appdata\roaming\DataSafeOnline
2010-08-22 03:51:21 0 d-----w- c:\program files\UnHackMe
2010-08-22 00:47:27 0 d-----w- C:\ComboFix
2010-08-21 19:33:58 377635 ----a-w- C:\MGlogs.zip
2010-08-21 19:21:16 0 d-----w- C:\MGtools
2010-08-21 14:27:56 0 d-----w- c:\program files\common files\Java(4)
2010-08-16 15:19:04 0 d-----w- C:\Mount
2010-08-16 15:16:19 0 d-----w- c:\program files\Windows Imaging
2010-08-16 03:40:41 0 d-----w- c:\program files\Windows AIK
2010-08-14 19:54:26 0 d-----w- c:\program files\WinImage
2010-08-14 16:21:58 0 d-----w- c:\program files\Yahoo!
2010-08-14 01:45:49 0 d-----w- c:\program files\View22

==================== Find3M ====================

2010-09-05 08:07:02 86016 ----a-w- c:\windows\inf\infpub.dat
2010-09-05 08:07:02 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-05 08:07:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-05 08:07:02 143360 ----a-w- c:\windows\inf\infstor.dat
2010-09-03 17:52:15 30808 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-09-02 02:05:04 21444 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-25 15:32:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:52:27 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:52:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:51:26 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-28 16:17:26 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-04-23 05:38:16 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 11:50:53.51 ===============


DDS ATTACH LOG:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 9/1/2010 9:28:02 PM
System Uptime: 9/5/2010 10:44:17 AM (1 hours ago)

Motherboard: Dell Inc. | | 0UK439
Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 2000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 220 GiB total, 23.461 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 298 GiB total, 265.142 GiB free.
G: is FIXED (NTFS) - 10 GiB total, 5.259 GiB free.
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
7-Zip 4.65
7500_7600_7700_Help
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Backup & Record
Autodesk MapGuide® Viewer ActiveX Control Release 6.5
Avanquest update
AVG Free 9.0
Banctec Service Agreement
Bonjour
BPD_HPSU
BPD_Scan
BPDSoftware
BPDSoftware_Ini
Broadcom Management Programs
Browser Address Error Redirector
BufferChm
Button Manager v1.874
Canon Camera Access Library
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CDDRV_Installer
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows
CustomerResearchQFolder
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
Efficient Diary 1.51
eSupportQFolder
Fax
FreeUndelete
FTP Commander
GeoVision ADPCM
GeoVision H264
GeoVision JPEG
GeoVision MPEG2
GeoVision MPEG4
GeoVision MPEG4 ASP
GeoVision MPEG4 AVC
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
HD Writer AE 1.0 for HDC
honestech VHS to DVD 4.0 Plus
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Bluetooth Laser Mobile Mouse 1.00.06
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
ImgBurn
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 4
Java™ 6 Update 5
Java™ SE Runtime Environment 6
Junk Mail filter update
K-Lite Codec Pack 5.1.0 (Basic)
KhalSetup
L7500
M2TS to AVI MP4 DVD Converter 1.70
Malwarebytes' Anti-Malware
MarketResearch
MediaDirect
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Modem Diagnostic Tool
Move Media Player
MPM
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NetWaiting
Nokia Connectivity Cable Driver
Nucleus Kernel Digital Media Demo ver 4.02
OGA Notifier 2.0.0048.0
OutlookAddinSetup
PC Connectivity Solution
Product Documentation Launcher
ProductContext
QuickSet
QuickTime
RiteRecovery
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SetPoint
Smart PDF Converter 4.2.3.267
SolutionCenter
Sony Ericsson PC Suite 6.009.00
SpeedFan (remove only)
Status
SUPERAntiSpyware
Toolbox
TrayApp
Uniblue RegistryBooster 2009
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
USB2.0 VIDBOX NW03
User's Guides
View22
WeatherBug
WebReg
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Automated Installation Kit
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinImage

==== End Of File ===========================


RKUNHOOKER REPORT:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x91606000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6467584 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82206000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82206000 PnpManager 3903488 bytes
0x82206000 RAW 3903488 bytes
0x82206000 WMIxWDM 3903488 bytes
0x982E0000 Win32k 2101248 bytes
0x982E0000 C:\Windows\System32\win32k.sys 2101248 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8380C000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x8340B000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x9340F000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x83601000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x806C5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xACAE6000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x83705000 C:\Windows\System32\Drivers\dump_iaStor.sys 778240 bytes
0x83201000 C:\Windows\system32\drivers\iastor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x93512000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xAB400000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x91C31000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x91D47000 C:\Windows\system32\DRIVERS\bcmwl6.sys 548864 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x83006000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x83330000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAB506000 C:\Windows\system32\drivers\HTTP.sys 438272 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x93D37000 C:\Windows\system32\DRIVERS\btwavdt.sys 417792 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x8060B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x932FA000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
0x8357B000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xACA7E000 C:\Windows\System32\DRIVERS\srv.sys 311296 bytes (Microsoft Corporation, Server driver)
0x83138000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x936B1000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8308F000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80684000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x807A5000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x91CE8000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x933A1000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x93758000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x93645000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x93CC8000 C:\Windows\System32\Drivers\bthport.sys 237568 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x83541000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0xACA06000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8391B000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x937BB000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x932B5000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x825BF000 ACPI_HAL 208896 bytes
0x825BF000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x832E5000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9367F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x831B4000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x9334F000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x833A1000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x83516000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x93274000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAB4BF000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xACBCE000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8396E000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x830E6000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xACA57000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x93C47000 C:\Windows\system32\DRIVERS\Dot4.sys 151552 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
0x9337C000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x93201000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x93730000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x839A6000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x933DE000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAB5BC000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xAB5DC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x832C7000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAB571000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x836EA000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x93DD8000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x93D1D000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x837C3000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xAB58E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x833CD000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xACA3F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9379E000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x831E2000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x93C0A000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xAF631000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x936F9000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9361B000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAB5A7000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x93247000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xAF60A000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x93233000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x837EB000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x93631000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x835CC000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xAB4F3000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9371D000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x91D35000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x93C6C000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xAF61F000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x83995000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x932E9000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8066B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x93D02000 C:\Windows\system32\DRIVERS\rfcomm.sys 69632 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x91DCD000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x83317000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x93C96000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xAB4AF000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x83197000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x91DDD000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x937EF000 C:\Windows\System32\drivers\pxrts.sys 65536 bytes (Prevx, Prevx Realtime Security)
0x9325C000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x839F1000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x93DC9000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8395E000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8310D000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x93224000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x91D26000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x83129000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x91DED000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x98520000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9370F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x93604000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83189000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x837DD000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x93DB2000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x93C3A000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
0x935C6000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x932A8000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x93C23000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x91CD0000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x83082000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x93CBC000 C:\Windows\System32\Drivers\BTHUSB.sys 49152 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x93D9D000 C:\Windows\system32\DRIVERS\hidbth.sys 49152 bytes (Microsoft Corporation, Bluetooth Miniport Driver for HID Devices)
0xACACA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x93400000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x835DF000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x83800000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x807EE000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x833F0000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x833E5000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x839DD000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x91CDD000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8311F000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x93D13000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x93DBF000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9329E000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAB4E9000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x93794000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xACBC4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x93C30000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0xAF647000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x835EA000 C:\Windows\System32\Drivers\cdrbsdrv.SYS 36864 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
0x839C7000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x93C7E000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
0x935D3000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x93C8D000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x93DA9000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xAF650000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x83327000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x93612000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x98500000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x839E8000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x83400000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x830D5000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x835F3000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0x832BF000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8067C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x80603000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x93CAD000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x830DE000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x935EA000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x807E6000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x83954000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xACAD6000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x935E3000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x935F3000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x83182000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x93CA6000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x93CB5000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 28672 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x935DC000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x831A7000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x937B5000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x93C87000 C:\Windows\System32\Drivers\LUsbFilt.Sys 24576 bytes (Logitech, Inc., Logitech USB Filter Driver.)
0x831AE000 C:\Windows\System32\drivers\pxscan.sys 24576 bytes (Prevx, Prevx Scanner)
0x93752000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x9326C000 C:\Windows\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0x91DFB000 C:\Windows\System32\drivers\pxkbf.sys 20480 bytes (Prevx, Prevx Keyboard Security)
0x91600000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xACAE2000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8311C000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8395C000 C:\Windows\system32\speedfan.sys 8192 bytes (Windows ® 2000 DDK provider, SpeedFan Device Driver)
0x93272000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x93C21000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8396D000 C:\Windows\system32\giveio.sys 4096 bytes
==============================================
>Stealth
==============================================
0x05080000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x8B1E7020 ] PID: 2408, 1703936 bytes
0x01D00000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8B1E7020 ] PID: 2408, 507904 bytes
0x04090000 Hidden Image-->msvcm80.dll [ EPROCESS 0x87C0EA08 ] PID: 3348, 507904 bytes
0x01B40000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x8B1E7020 ] PID: 2408, 73728 bytes
0x04140000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x87C0EA08 ] PID: 3348, 73728 bytes


Thanks!

#7 lizzieintn


Posted 05 September 2010 - 12:21 PM

Oops...I forgot to add a comment regarding how my computer is doing and any problems. No problems rerunning the logs - but computer is VERY slow to boot up and seems to have issues with the task bar not functioning at times (spinning circle when I try to access the task bar). It seems once it boots up, then it is OK...but it takes an extraordinarily long time to boot up and I do not have much in startup.

Also, I tried installing 4 small Vista security updates all at the same time and they all failed. I then took 3 of those updates and installed them one by one...and they all worked. I only have about 50 more to go...LOL...

Thanks!!!

Edited by lizzieintn, 05 September 2010 - 12:21 PM.


#8 gringo_pr


Posted 05 September 2010 - 12:28 PM

Hello

Please do the following.


It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully

    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 lizzieintn


Posted 05 September 2010 - 02:46 PM

Well, ran Combofix and it rebooted my computer when I stepped away...so not sure what happened there...but I do have the log below (which doesn't look like a good thing to me!). My suspicions of something still lurking in my computer seem to be confirmed by Combofix. I am not believing this!!! My computer did seem to boot up faster, but I still suspect it is not clean. It's nearly like it is a self restoring virus!!!

Combofix log:

ComboFix 10-09-04.06 - Liz 09/05/2010 13:12:50.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.2062 [GMT -5:00]
Running from: c:\users\Liz\Desktop\Combo.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-05 18:21 . 2010-09-05 18:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-05 18:21 . 2010-09-05 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-05 18:08 . 2010-09-05 18:09 -------- d-----w- C:\32788R22FWJFW
2010-09-04 19:28 . 2010-09-04 19:39 -------- d-----w- c:\windows\system32\catroot2
2010-09-03 20:28 . 2010-09-03 20:28 -------- d-----w- c:\program files\Microsoft Easy Assist
2010-09-03 20:27 . 2010-09-03 20:27 -------- d-----w- c:\programdata\Applications
2010-09-03 17:30 . 2010-09-03 17:30 -------- d-----w- c:\windows\system32\SPReview
2010-09-02 21:55 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-09-02 21:55 . 2008-05-10 01:33 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-09-02 21:55 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-09-02 21:55 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2010-09-02 21:55 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-09-02 21:55 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2010-09-02 21:54 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-09-02 21:53 . 2008-04-29 01:42 220160 ----a-w- c:\windows\system32\drivers\bthport.sys
2010-09-02 21:53 . 2008-04-29 03:54 181760 ----a-w- c:\windows\system32\fsquirt.exe
2010-09-02 21:53 . 2008-04-29 01:42 29184 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2010-09-02 21:52 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-09-02 21:43 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2010-09-02 21:43 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-09-02 21:43 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-09-02 21:43 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-09-02 21:43 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2010-09-02 21:43 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2010-09-02 21:40 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-09-02 21:39 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2010-09-02 21:28 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-09-02 21:27 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-09-02 21:27 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-09-02 21:27 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-09-02 21:25 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2010-09-02 21:06 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-09-02 21:06 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-09-02 21:06 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-09-02 21:06 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-09-02 21:06 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-09-02 21:06 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-09-02 21:06 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-09-02 21:06 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-09-02 21:06 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-09-02 21:06 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-09-02 21:05 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-09-02 21:04 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-09-02 21:04 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-09-02 21:04 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-09-02 21:04 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-02 18:27 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-09-02 18:26 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-09-02 18:26 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-09-02 18:25 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-09-02 05:23 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-09-02 05:23 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-09-02 05:13 . 2010-09-04 16:27 105408 ----a-w- c:\users\Liz\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-02 05:09 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-09-02 05:09 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-09-02 05:09 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-09-02 05:09 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-09-02 05:09 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-09-02 05:09 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-09-02 05:09 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-09-02 05:08 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-09-02 05:08 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-09-02 05:03 . 2010-09-02 08:17 -------- d-----w- c:\windows\Debug
2010-09-02 03:09 . 2010-09-02 02:30 -------- d-----w- c:\windows\Panther
2010-09-02 03:09 . 2006-11-27 07:48 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2010-09-02 03:09 . 2006-11-27 07:48 16480 ----a-w- c:\windows\system32\rixdicon.dll
2010-09-02 03:09 . 2006-11-27 07:48 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-09-02 03:09 . 2006-11-27 07:48 43520 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-09-02 03:09 . 2006-11-27 07:48 32256 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-09-02 03:07 . 2008-01-09 18:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-09-02 03:06 . 2008-01-02 04:37 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-09-02 03:06 . 2008-01-02 04:37 595456 ----a-w- c:\windows\system32\stapo.dll
2010-09-02 03:06 . 2008-01-02 04:37 328704 ----a-w- c:\windows\system32\stcplx.dll
2010-09-02 03:06 . 2008-01-02 04:37 299520 ----a-w- c:\windows\system32\stapi32.dll
2010-09-02 03:06 . 2008-01-02 04:37 492544 ----a-w- c:\windows\system32\ctapo32.dll
2010-09-02 03:06 . 2008-01-02 04:37 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-09-02 03:06 . 2008-01-02 04:37 146944 ----a-w- c:\windows\system32\st325614.dll
2010-09-02 03:04 . 2010-09-02 03:04 -------- d-----w- c:\windows\system32\OEM
2010-09-02 02:47 . 2010-09-02 02:47 -------- d-----w- C:\$WINDOWS.~Q
2010-09-02 02:24 . 2010-09-02 02:24 -------- d-----w- C:\$INPLACE.~TR
2010-09-02 01:50 . 2010-09-02 01:50 -------- d-----w- c:\users\Default\video
2010-09-02 01:50 . 2010-09-02 01:50 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-09-02 00:59 . 2010-09-02 00:59 -------- d-----w- c:\programdata\Hewlett-Packard
2010-09-02 00:59 . 2010-09-02 01:07 -------- d-----w- c:\programdata\HP
2010-09-02 00:59 . 2008-07-24 17:09 273920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp58a.dll
2010-09-02 00:58 . 2010-09-05 18:23 3308 ----a-w- c:\windows\bthservsdp.dat
2010-09-02 00:57 . 2010-09-02 00:57 -------- d-----w- c:\program files\CONEXANT
2010-09-02 00:56 . 2010-09-02 00:56 -------- d-----w- c:\program files\Sigmatel
2010-09-02 00:56 . 2008-01-02 04:37 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-09-02 00:56 . 2008-01-02 04:37 102400 ----a-w- c:\windows\system32\stacsv.exe
2010-09-02 00:56 . 2008-01-02 04:37 73728 ----a-w- c:\windows\system32\AEstSrv.exe
2010-09-02 00:56 . 2008-01-02 04:37 647168 ----a-w- c:\windows\system32\aestecap.dll
2010-09-02 00:56 . 2008-01-02 04:37 53248 ----a-w- c:\windows\system32\aestaren.dll
2010-09-02 00:56 . 2008-01-02 04:37 131072 ----a-w- c:\windows\system32\aestacap.dll
2010-09-02 00:56 . 2010-09-02 23:36 -------- d-----w- c:\program files\DellTPad
2010-09-02 00:21 . 2010-09-02 00:21 -------- d-----w- C:\found.008
2010-09-01 22:04 . 2010-09-01 22:04 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\1
2010-09-01 00:05 . 2010-07-22 00:50 81920 ----a-w- c:\users\Liz\remover.exe
2010-08-28 15:04 . 2010-08-28 15:04 69736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-08-28 15:04 . 2010-08-28 15:04 68120 ----a-w- c:\windows\system32\PxSecure.dll
2010-08-28 15:04 . 2010-08-28 15:04 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-08-28 15:04 . 2010-08-28 15:04 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-08-28 15:04 . 2010-09-02 01:06 -------- d-----w- c:\program files\Prevx
2010-08-28 15:03 . 2010-09-02 01:07 -------- d-----w- c:\programdata\PrevxCSI
2010-08-26 20:16 . 2010-08-26 20:16 -------- d-----w- C:\ea
2010-08-26 19:51 . 2010-09-02 01:06 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-25 01:41 . 2010-08-25 01:41 -------- d-----w- C:\_OTL
2010-08-23 03:45 . 2010-09-02 01:40 -------- d-----w- c:\users\Liz\DoctorWeb
2010-08-22 05:34 . 2010-09-02 01:39 -------- d-----w- c:\users\Liz\AppData\Roaming\DataSafeOnline
2010-08-22 03:51 . 2010-09-02 01:06 -------- d-----w- c:\program files\UnHackMe
2010-08-22 00:47 . 2010-08-25 02:25 -------- d-----w- C:\ComboFix
2010-08-21 19:33 . 2010-08-21 19:50 377635 ----a-w- C:\MGlogs.zip
2010-08-21 19:21 . 2010-08-21 19:50 -------- d-----w- C:\MGtools
2010-08-21 14:27 . 2010-09-02 01:03 -------- d-----w- c:\program files\Common Files\Java(4)
2010-08-16 15:19 . 2010-08-16 15:19 -------- d-----w- C:\Mount
2010-08-16 15:16 . 2010-09-02 01:06 -------- d-----w- c:\program files\Windows Imaging
2010-08-16 03:40 . 2010-09-02 01:06 -------- d-----w- c:\program files\Windows AIK
2010-08-15 20:05 . 2010-09-02 01:39 -------- d-----w- c:\users\Liz\AppData\Roaming\ImgBurn
2010-08-15 19:41 . 2010-09-02 01:05 -------- d-----w- c:\program files\ImgBurn
2010-08-14 19:54 . 2010-09-02 01:06 -------- d-----w- c:\program files\WinImage
2010-08-14 16:22 . 2010-09-02 01:39 -------- d-----w- c:\users\Liz\AppData\Roaming\Yahoo!
2010-08-14 16:21 . 2010-09-02 01:06 -------- d-----w- c:\program files\Yahoo!
2010-08-14 01:46 . 2010-09-02 01:39 -------- d-----w- c:\users\Liz\AppData\Local\view22
2010-08-14 01:45 . 2010-09-02 01:06 -------- d-----w- c:\program files\View22

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 16:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-03 19:05 . 2008-09-27 19:38 -------- d-----w- c:\program files\Uniblue
2010-09-03 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-09-03 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-09-03 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-09-03 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-09-03 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-09-03 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-09-02 23:37 . 2010-02-18 02:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 02:05 . 2008-05-01 07:48 21444 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-02 01:09 . 2009-01-21 14:26 -------- d-----w- c:\programdata\WindowsSearch
2010-09-02 01:09 . 2008-09-27 19:38 -------- dc-h--w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2010-09-02 01:09 . 2008-06-19 02:35 -------- d-----w- c:\programdata\WLInstaller
2010-09-02 01:09 . 2008-04-22 22:18 -------- d-----w- c:\programdata\Uninstall
2010-09-02 01:09 . 2010-07-27 15:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-02 01:09 . 2008-04-22 22:13 -------- d-----w- c:\programdata\SupportSoft
2010-09-02 01:06 . 2008-08-29 17:32 -------- d-----w- c:\programdata\Apple Computer
2010-09-02 01:05 . 2010-07-28 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-02 01:05 . 2009-09-09 17:31 -------- d-----w- c:\program files\Microsoft
2010-09-02 01:05 . 2009-09-07 03:03 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-09-02 01:05 . 2008-05-01 03:49 -------- d-----w- c:\program files\kodak
2010-09-02 01:05 . 2008-04-22 22:00 -------- d-----w- c:\program files\Java
2010-09-02 01:05 . 2008-05-01 03:46 -------- d-----w- c:\program files\jasc software inc
2010-09-02 01:05 . 2008-05-01 03:46 -------- d-----w- c:\program files\intuit
2010-09-02 01:05 . 2008-04-22 22:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-02 01:05 . 2009-09-23 20:17 -------- d-----w- c:\program files\iCall
2010-09-02 01:05 . 2009-07-09 02:33 -------- d-----w- c:\program files\HP Bluetooth Laser Mobile Mouse
2010-09-02 01:05 . 2008-09-27 17:05 -------- d-----w- c:\program files\INITIO
2010-09-02 01:05 . 2008-04-30 00:23 -------- d-----w- c:\program files\HP
2010-09-02 01:03 . 2008-04-22 22:07 -------- d-----w- c:\program files\Common Files\Logitech
2010-09-02 00:58 . 2010-09-02 00:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-09-02 00:58 . 2010-09-02 00:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-09-02 00:58 . 2010-09-02 00:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-09-02 00:56 . 2010-09-02 00:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-08-16 15:06 . 2008-10-23 15:24 -------- d-----w- c:\programdata\WinZip
2010-08-14 19:39 . 2009-09-06 18:03 -------- d-----w- c:\programdata\Roxio
2010-07-25 15:32 . 2010-07-25 15:33 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:52 . 2009-06-21 23:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:52 . 2010-07-15 13:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:51 . 2009-06-21 23:11 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-28 16:17 . 2010-09-02 18:28 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-09-02 18:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-04-23 05:38 . 2008-04-23 05:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Liz\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-12-24 50520]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-02 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-12 101136]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]

c:\users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Internet Explorer Browser.lnk - c:\program files\Internet Explorer\iexplore.exe [2010-9-2 634648]
Microsoft Office Outlook 2007.lnk - c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2009-11-27 845584]
OneNote Table Of Contents.onetoc2 [2009-12-15 3656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Button Manager v1.874.lnk]
backup=c:\windows\pss\Button Manager v1.874.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer AE 1.0.lnk]
backup=c:\windows\pss\HD Writer AE 1.0.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Bluetooth Laser Mobile Mouse.lnk]
backup=c:\windows\pss\HP Bluetooth Laser Mobile Mouse.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPoint.lnk]
backup=c:\windows\pss\SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
backup=c:\windows\pss\TotalMedia Backup Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Liz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^E-mail.lnk]
backup=c:\windows\pss\E-mail.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Liz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(8):70,0b,9c,62,36,4b,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-02 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-08-28 30320]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-08-28 69736]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-08-28 24400]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:04]

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:04]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.att.net/
mStart Page = hxxp://www.dell4me.com/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: comodo.com\secure
TCP: {7D021E84-2A7D-44DD-9AAF-8E08CBC92E89} = 172.18.145.103 172.18.145.103
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://67.33.42.5/cab/OCXChecker_8198.cab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://67.33.42.5/cab/DownloadCenter_8200.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5004)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-09-05 13:39:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-05 18:39
ComboFix2.txt 2010-09-04 07:20
ComboFix3.txt 2010-08-25 05:50
ComboFix4.txt 2010-07-28 16:22

Pre-Run: 24,463,302,656 bytes free
Post-Run: 24,580,595,712 bytes free

- - End Of File - - 176FA0D7A9F9831B2B3880A0B6834313
#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:02 PM

Posted 05 September 2010 - 03:01 PM

Good day

Ok, let's see if we can find another.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
      :filefind
      userinit.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 lizzieintn

lizzieintn
  • Topic Starter

  • Members
  • 17 posts
  • Local time:12:02 PM

Posted 05 September 2010 - 03:12 PM

Here's the SystemLook log:

SystemLook 04.09.10 by jpshortstuff
Log created at 15:06 on 05/09/2010 by Liz
Administrator - Elevation successful

========== filefind ==========

Searching for "userinit.*"
C:\Qoobox\Quarantine\C\Windows\system32\userinit.exe.vir --a---- 25088 bytes [02:24 21/01/2008] [02:24 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\ERDNT\cache\userinit.exe --a---- 25088 bytes [16:21 28/07/2010] [07:33 19/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\Prefetch\USERINIT.EXE-5114915C.pf --a---- 14406 bytes [05:11 02/09/2010] [15:47 05/09/2010] 3B7D6BBD763605A8346EF4239742431B
C:\Windows\System32\userinit.exe --a---- 25088 bytes [02:24 21/01/2008] [02:24 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\en-US\userinit.exe.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2\userinit.exe.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a---- 25088 bytes [02:24 21/01/2008] [02:24 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

-= EOF =-

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:02 PM

Posted 05 September 2010 - 04:04 PM

Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
      /md5start
      userinit.exe
      /md5stop
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time,



#13 lizzieintn

lizzieintn
  • Topic Starter

  • Members
  • 17 posts
  • Local time:12:02 PM

Posted 05 September 2010 - 04:52 PM

I could not find an Extras.txt file, but here's the OTL.txt file. Should it always create an Extras.txt?

OTL.txt:

OTL logfile created on: 9/5/2010 4:41:36 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Liz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 20.81 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 265.53 Gb Free Space | 89.08% Space Free | Partition Type: NTFS
Drive G: | 10.00 Gb Total Space | 5.26 Gb Free Space | 52.59% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIZ-PC
Current User Name: Liz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/24 20:40:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe
PRC - [2010/08/01 22:46:21 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/07/15 08:52:30 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 08:52:23 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 08:52:22 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 08:52:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 08:51:25 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 08:51:24 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/09/24 15:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/03/07 10:50:58 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:23:53 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2008/01/01 23:37:16 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/01 23:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/01 23:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/12/21 10:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/24 04:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 04:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 04:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 04:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/08/29 11:55:54 | 001,347,584 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 20:40:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe
MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 21:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/09/26 05:47:22 | 000,102,400 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/01 22:46:21 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/07/15 08:52:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/07 12:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/01 23:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/01 23:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo\catchme.sys -- (catchme)
DRV - [2010/08/28 10:04:06 | 000,069,736 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\Windows\System32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/08/28 10:04:06 | 000,030,320 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/08/28 10:04:06 | 000,024,400 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/07/15 08:52:27 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 08:51:26 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 22:21:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2008/01/01 23:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/26 05:47:24 | 001,899,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/09/24 04:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/03/21 14:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/01/11 19:15:26 | 000,028,048 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/01/11 19:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/11 19:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/11/27 02:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 02:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 02:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 07:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/06 18:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 21:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 21:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 21:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/09/05 13:25:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\Liz\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
O4 - Startup: C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: comodo.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://67.33.42.5/cab/OCXChecker_8198.cab (OCXDownloadChecker Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} http://67.33.42.5/cab/DownloadCenter_8200.cab (DownloadCenter Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/05 13:39:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/05 13:26:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/05 13:08:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/05 13:08:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/04 14:28:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/09/03 15:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Easy Assist
[2010/09/03 15:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2010/09/03 12:30:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2010/09/02 14:01:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/02 00:03:39 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/09/01 22:09:35 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/09/01 22:09:10 | 000,037,376 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2010/09/01 22:09:06 | 000,043,520 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2010/09/01 22:09:00 | 000,032,256 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2010/09/01 22:08:36 | 000,032,528 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LMouFilt.Sys
[2010/09/01 22:08:36 | 000,032,272 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LHidFilt.Sys
[2010/09/01 22:08:34 | 000,028,048 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LUsbFilt.sys
[2010/09/01 22:07:10 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010/09/01 22:06:52 | 000,595,456 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/09/01 22:06:52 | 000,330,240 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010/09/01 22:06:52 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/09/01 22:06:52 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/09/01 22:06:52 | 000,146,944 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\st325614.dll
[2010/09/01 22:04:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010/09/01 21:47:11 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
[2010/09/01 21:24:26 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
[2010/09/01 20:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Liz\Downloads\Documents\My Videos
[2010/09/01 20:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Liz\Downloads\Documents\My Pictures
[2010/09/01 20:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Liz\Downloads\Documents\My Music
[2010/09/01 20:00:40 | 000,000,000 | --SD | C] -- C:\Users\Liz\AppData\Roaming\Microsoft
[2010/09/01 20:00:40 | 000,000,000 | R--D | C] -- C:\Users\Liz\Videos
[2010/09/01 20:00:40 | 000,000,000 | R--D | C] -- C:\Users\Liz\Saved Games
[2010/09/01 20:00:40 | 000,000,000 | R--D | C] -- C:\Users\Liz\Pictures
[2010/09/01 20:00:40 | 000,000,000 | R--D | C] -- C:\Users\Liz\Music
[2010/09/01 20:00:40 | 000,000,000 | R--D | C] -- C:\Users\Liz\Links
[2010/09/01 20:00:40 | 000,000,000 | R--D | C] -- C:\Users\Liz\Favorites
[2010/09/01 20:00:40 | 000,000,000 | R--D | C] -- C:\Users\Liz\Downloads
[2010/09/01 20:00:40 | 000,000,000 | R--D | C] -- C:\Users\Liz\Desktop
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\AppData\Local\Temporary Internet Files
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\Templates
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\Start Menu
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\SendTo
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\Recent
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\PrintHood
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\NetHood
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\My Documents
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\Local Settings
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\AppData\Local\History
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\Cookies
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\Application Data
[2010/09/01 20:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Liz\AppData\Local\Application Data
[2010/09/01 20:00:40 | 000,000,000 | -H-D | C] -- C:\Users\Liz\AppData
[2010/09/01 20:00:40 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Local\Temp
[2010/09/01 20:00:40 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Local\Microsoft
[2010/09/01 20:00:40 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Media Center Programs
[2010/09/01 19:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/09/01 19:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/09/01 19:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/09/01 19:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2010/09/01 19:56:54 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
[2010/09/01 19:56:54 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/09/01 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2010/09/01 19:37:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/09/01 19:21:11 | 000,000,000 | ---D | C] -- C:\found.008
[2010/08/31 19:05:03 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Users\Liz\remover.exe
[2010/08/31 18:56:24 | 000,000,000 | ---D | C] -- C:\Users\Liz\Desktop\bootkit_remover
[2010/08/31 11:05:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Liz\Desktop\HijackThis.exe
[2010/08/28 10:04:06 | 000,069,736 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/08/28 10:04:06 | 000,068,120 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/08/28 10:04:06 | 000,030,320 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/08/28 10:04:06 | 000,024,400 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/08/28 10:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/08/28 10:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010/08/26 15:16:54 | 000,000,000 | ---D | C] -- C:\ea
[2010/08/26 14:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/08/24 20:41:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/24 20:40:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe
[2010/08/22 22:45:34 | 000,000,000 | ---D | C] -- C:\Users\Liz\DoctorWeb
[2010/08/22 00:34:54 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\DataSafeOnline
[2010/08/21 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Liz\Downloads\Documents\RegRun2
[2010/08/21 22:51:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/08/21 22:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/08/21 19:47:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/08/21 14:21:16 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/08/21 09:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(4)
[2010/08/16 10:19:04 | 000,000,000 | ---D | C] -- C:\Mount
[2010/08/16 10:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Imaging
[2010/08/15 22:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows AIK
[2010/08/15 15:05:45 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\ImgBurn
[2010/08/15 14:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/08/14 14:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage
[2010/08/14 11:22:03 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Yahoo!
[2010/08/14 11:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/08/13 20:46:52 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Local\view22
[2010/08/13 20:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\View22
[2010/07/28 10:11:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/28 10:11:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/28 10:11:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/28 10:10:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/28 10:08:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/28 09:09:14 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Malwarebytes
[2010/07/28 09:08:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/28 09:08:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/28 09:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/28 09:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/27 10:00:53 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/27 10:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/27 10:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware(62)
[2010/07/27 10:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/25 22:54:07 | 000,000,000 | ---D | C] -- C:\Users\Liz\Downloads\Documents\My Received Files
[2010/07/15 08:52:22 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/03/25 10:48:25 | 000,024,576 | ---- | C] ( ) -- C:\Windows\GV_AccessIni_Memory.dll

========== Files - Modified Within 90 Days ==========

[2010/09/05 16:44:43 | 006,291,456 | -HS- | M] () -- C:\Users\Liz\ntuser.dat
[2010/09/05 16:32:05 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/05 16:32:05 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/05 16:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/05 15:06:29 | 000,075,264 | ---- | M] () -- C:\Users\Liz\Desktop\SystemLook.exe
[2010/09/05 14:33:47 | 000,002,669 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk
[2010/09/05 14:32:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/05 14:32:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/05 14:32:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/05 14:31:53 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/05 14:29:51 | 000,003,308 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/05 14:29:24 | 000,524,288 | -HS- | M] () -- C:\Users\Liz\ntuser.dat{29547688-b6d3-11df-937a-001f3ae46f43}.TMContainer00000000000000000001.regtrans-ms
[2010/09/05 14:29:24 | 000,065,536 | -HS- | M] () -- C:\Users\Liz\ntuser.dat{29547688-b6d3-11df-937a-001f3ae46f43}.TM.blf
[2010/09/05 14:29:20 | 002,787,641 | -H-- | M] () -- C:\Users\Liz\AppData\Local\IconCache.db
[2010/09/05 13:26:08 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/05 13:25:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/05 13:08:35 | 003,837,097 | R--- | M] () -- C:\Users\Liz\Desktop\Combo.exe
[2010/09/05 11:47:26 | 000,000,000 | ---- | M] () -- C:\Users\Liz\defogger_reenable
[2010/09/05 09:58:04 | 064,339,327 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/04 11:27:52 | 000,105,408 | ---- | M] () -- C:\Users\Liz\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/04 11:22:29 | 000,389,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/04 11:19:03 | 303,480,863 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/04 01:43:03 | 000,703,568 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/04 01:43:03 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/04 01:43:03 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/04 01:39:34 | 000,000,104 | ---- | M] () -- C:\Users\Liz\Desktop\Internet Explorer - Shortcut.lnk
[2010/09/03 01:45:58 | 000,524,288 | -HS- | M] () -- C:\Users\Liz\ntuser.dat{29547688-b6d3-11df-937a-001f3ae46f43}.TMContainer00000000000000000002.regtrans-ms
[2010/09/02 14:46:14 | 000,524,288 | -HS- | M] () -- C:\Users\Liz\ntuser.dat{0a03442b-b6b8-11df-956f-001f3ae46f43}.TMContainer00000000000000000001.regtrans-ms
[2010/09/02 14:46:14 | 000,065,536 | -HS- | M] () -- C:\Users\Liz\ntuser.dat{0a03442b-b6b8-11df-956f-001f3ae46f43}.TM.blf
[2010/09/02 13:57:56 | 000,524,288 | -HS- | M] () -- C:\Users\Liz\ntuser.dat{0a03442b-b6b8-11df-956f-001f3ae46f43}.TMContainer00000000000000000002.regtrans-ms
[2010/09/02 10:50:34 | 000,524,288 | -HS- | M] () -- C:\Users\Liz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/02 10:50:34 | 000,065,536 | -HS- | M] () -- C:\Users\Liz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/02 00:12:41 | 000,000,945 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Internet Explorer Browser.lnk
[2010/09/02 00:11:32 | 000,000,020 | -HS- | M] () -- C:\Users\Liz\ntuser.ini
[2010/09/01 22:09:19 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/09/01 21:27:48 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/09/01 21:05:04 | 000,021,444 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2010/09/01 20:00:41 | 000,524,288 | -HS- | M] () -- C:\Users\Liz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/09/01 19:58:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/09/01 19:58:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/09/01 19:58:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010/09/01 19:56:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/09/01 16:39:30 | 000,001,887 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/09/01 16:39:30 | 000,001,887 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/08/31 18:54:59 | 000,036,833 | ---- | M] () -- C:\Users\Liz\Desktop\bootkit_remover.rar
[2010/08/31 11:05:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Liz\Desktop\HijackThis.exe
[2010/08/30 14:23:33 | 000,133,632 | ---- | M] () -- C:\Users\Liz\Desktop\RKUnhookerLE.EXE
[2010/08/29 15:11:28 | 000,050,477 | ---- | M] () -- C:\Users\Liz\Desktop\Defogger.exe
[2010/08/29 01:52:24 | 000,000,512 | ---- | M] () -- C:\Users\Liz\Desktop\MBRCheck_MBR_Backup_08-29-10_01-52-24.bak
[2010/08/28 11:15:46 | 000,147,456 | ---- | M] () -- C:\Users\Liz\Desktop\catchme.exe
[2010/08/28 10:31:59 | 000,000,048 | ---- | M] () -- C:\Windows\wininit.ini
[2010/08/28 10:04:06 | 000,069,736 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/08/28 10:04:06 | 000,068,120 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/08/28 10:04:06 | 000,030,320 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/08/28 10:04:06 | 000,024,400 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/08/26 15:22:19 | 001,133,429 | ---- | M] () -- C:\Users\Liz\Desktop\tdsskiller.zip
[2010/08/25 22:06:10 | 000,525,824 | ---- | M] () -- C:\Users\Liz\Desktop\dds.scr
[2010/08/25 21:59:31 | 000,293,376 | ---- | M] () -- C:\Users\Liz\Desktop\rkmyrjkh-gmer.exe
[2010/08/25 20:27:26 | 000,000,512 | ---- | M] () -- C:\Users\Liz\Desktop\MBRCheck_MBR_Backup_08-25-10_20-27-26.bak
[2010/08/25 19:56:06 | 000,080,384 | ---- | M] () -- C:\Users\Liz\Desktop\MBRCheck.exe
[2010/08/24 20:40:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe
[2010/08/21 14:50:23 | 000,377,635 | ---- | M] () -- C:\MGlogs.zip
[2010/08/21 11:21:14 | 000,000,015 | ---- | M] () -- C:\Users\Liz\Desktop\settings.dat
[2010/08/15 20:45:00 | 000,200,704 | ---- | M] () -- C:\Users\Liz\Downloads\Documents\scan0003.doc
[2010/08/15 14:41:21 | 000,001,676 | ---- | M] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/08/15 14:41:21 | 000,001,652 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/08/14 14:54:26 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\WinImage (administrator).lnk
[2010/08/14 14:54:26 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\WinImage.lnk
[2010/08/14 14:40:11 | 000,000,286 | ---- | M] () -- C:\Users\Liz\Downloads\Documents\Data_081410_111708.roxio
[2010/08/14 11:22:14 | 000,000,125 | ---- | M] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2010/08/06 21:33:53 | 000,000,375 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/07/28 09:08:53 | 000,000,844 | ---- | M] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/28 09:08:53 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 10:00:42 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/26 21:15:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/26 21:15:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Users\Liz\remover.exe
[2010/07/15 08:52:27 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/15 08:52:22 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/15 08:51:26 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

========== Files Created - No Company Name ==========

[2010/09/05 15:06:16 | 000,075,264 | ---- | C] () -- C:\Users\Liz\Desktop\SystemLook.exe
[2010/09/05 11:47:26 | 000,000,000 | ---- | C] () -- C:\Users\Liz\defogger_reenable
[2010/09/04 01:39:34 | 000,000,104 | ---- | C] () -- C:\Users\Liz\Desktop\Internet Explorer - Shortcut.lnk
[2010/09/02 15:47:40 | 000,524,288 | -HS- | C] () -- C:\Users\Liz\ntuser.dat{29547688-b6d3-11df-937a-001f3ae46f43}.TMContainer00000000000000000002.regtrans-ms
[2010/09/02 15:47:40 | 000,524,288 | -HS- | C] () -- C:\Users\Liz\ntuser.dat{29547688-b6d3-11df-937a-001f3ae46f43}.TMContainer00000000000000000001.regtrans-ms
[2010/09/02 15:47:39 | 000,065,536 | -HS- | C] () -- C:\Users\Liz\ntuser.dat{29547688-b6d3-11df-937a-001f3ae46f43}.TM.blf
[2010/09/02 12:33:33 | 000,524,288 | -HS- | C] () -- C:\Users\Liz\ntuser.dat{0a03442b-b6b8-11df-956f-001f3ae46f43}.TMContainer00000000000000000002.regtrans-ms
[2010/09/02 12:33:33 | 000,524,288 | -HS- | C] () -- C:\Users\Liz\ntuser.dat{0a03442b-b6b8-11df-956f-001f3ae46f43}.TMContainer00000000000000000001.regtrans-ms
[2010/09/02 12:33:33 | 000,065,536 | -HS- | C] () -- C:\Users\Liz\ntuser.dat{0a03442b-b6b8-11df-956f-001f3ae46f43}.TM.blf
[2010/09/02 11:53:52 | 3747,655,680 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/02 00:11:32 | 000,000,020 | -HS- | C] () -- C:\Users\Liz\ntuser.ini
[2010/09/01 22:09:10 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2010/09/01 22:08:38 | 000,144,360 | ---- | C] () -- C:\Windows\System32\drivers\del1028.cty
[2010/09/01 22:08:33 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2010/09/01 22:08:33 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2010/09/01 22:08:33 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2010/09/01 22:08:33 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2010/09/01 22:08:33 | 000,025,952 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2010/09/01 22:08:33 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2010/09/01 22:08:33 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2010/09/01 22:04:58 | 000,000,024 | -H-- | C] () -- C:\Windows\dell_version
[2010/09/01 20:00:40 | 006,291,456 | -HS- | C] () -- C:\Users\Liz\ntuser.dat
[2010/09/01 20:00:40 | 000,524,288 | -HS- | C] () -- C:\Users\Liz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/09/01 20:00:40 | 000,524,288 | -HS- | C] () -- C:\Users\Liz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/01 20:00:40 | 000,262,144 | -H-- | C] () -- C:\Users\Liz\ntuser.dat.LOG1
[2010/09/01 20:00:40 | 000,065,536 | -HS- | C] () -- C:\Users\Liz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/01 20:00:40 | 000,000,258 | ---- | C] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/01 20:00:40 | 000,000,240 | ---- | C] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/09/01 20:00:40 | 000,000,000 | -H-- | C] () -- C:\Users\Liz\ntuser.dat.LOG2
[2010/09/01 19:58:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/09/01 19:58:47 | 000,003,308 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/09/01 19:58:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/09/01 19:58:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010/09/01 19:56:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/09/01 18:11:44 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010/09/01 16:18:15 | 000,001,887 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/09/01 16:18:15 | 000,001,887 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/08/31 19:05:46 | 000,054,641 | ---- | C] () -- C:\Users\Liz\bootkit_remover_debug_log.txt
[2010/08/31 19:05:03 | 000,003,575 | ---- | C] () -- C:\Users\Liz\readme_ru.txt
[2010/08/31 19:05:03 | 000,003,052 | ---- | C] () -- C:\Users\Liz\readme_en.txt
[2010/08/31 18:54:48 | 000,036,833 | ---- | C] () -- C:\Users\Liz\Desktop\bootkit_remover.rar
[2010/08/30 14:23:17 | 000,133,632 | ---- | C] () -- C:\Users\Liz\Desktop\RKUnhookerLE.EXE
[2010/08/29 15:11:22 | 000,050,477 | ---- | C] () -- C:\Users\Liz\Desktop\Defogger.exe
[2010/08/29 01:52:24 | 000,000,512 | ---- | C] () -- C:\Users\Liz\Desktop\MBRCheck_MBR_Backup_08-29-10_01-52-24.bak
[2010/08/28 11:15:38 | 000,147,456 | ---- | C] () -- C:\Users\Liz\Desktop\catchme.exe
[2010/08/28 10:03:48 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/26 15:22:18 | 001,133,429 | ---- | C] () -- C:\Users\Liz\Desktop\tdsskiller.zip
[2010/08/25 22:06:06 | 000,525,824 | ---- | C] () -- C:\Users\Liz\Desktop\dds.scr
[2010/08/25 21:59:29 | 000,293,376 | ---- | C] () -- C:\Users\Liz\Desktop\rkmyrjkh-gmer.exe
[2010/08/25 20:27:26 | 000,000,512 | ---- | C] () -- C:\Users\Liz\Desktop\MBRCheck_MBR_Backup_08-25-10_20-27-26.bak
[2010/08/25 19:56:06 | 000,080,384 | ---- | C] () -- C:\Users\Liz\Desktop\MBRCheck.exe
[2010/08/24 20:46:25 | 003,837,097 | R--- | C] () -- C:\Users\Liz\Desktop\Combo.exe
[2010/08/21 14:33:58 | 000,377,635 | ---- | C] () -- C:\MGlogs.zip
[2010/08/21 11:20:44 | 000,000,015 | ---- | C] () -- C:\Users\Liz\Desktop\settings.dat
[2010/08/15 20:44:49 | 000,200,704 | ---- | C] () -- C:\Users\Liz\Downloads\Documents\scan0003.doc
[2010/08/15 14:41:21 | 000,001,676 | ---- | C] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/08/15 14:41:21 | 000,001,652 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/08/14 14:54:26 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\WinImage (administrator).lnk
[2010/08/14 14:54:26 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\WinImage.lnk
[2010/08/14 11:22:14 | 000,076,407 | ---- | C] () -- C:\Users\Liz\AppData\Roaming\Smiley.ico
[2010/08/14 11:22:14 | 000,000,125 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2010/08/14 11:18:04 | 000,000,286 | ---- | C] () -- C:\Users\Liz\Downloads\Documents\Data_081410_111708.roxio
[2010/07/28 10:11:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/28 10:11:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/28 10:11:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/28 10:11:04 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/28 10:11:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/28 09:08:53 | 000,000,844 | ---- | C] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/28 09:08:53 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 10:00:42 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/26 21:15:11 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/26 21:15:11 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/09/06 22:04:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/25 16:08:07 | 000,000,082 | ---- | C] () -- C:\Windows\GeoPAL.ini
[2009/03/25 10:48:25 | 000,200,704 | ---- | C] () -- C:\Windows\JxIni.dll
[2009/03/25 10:48:25 | 000,139,264 | ---- | C] () -- C:\Windows\GV_GeoPTZini.dll
[2009/03/25 10:48:25 | 000,139,264 | ---- | C] () -- C:\Windows\GeoEditAVIDll.dll
[2008/10/19 11:12:56 | 000,018,690 | ---- | C] () -- C:\Windows\System32\drivers\usbhsb.sys
[2008/09/27 13:05:29 | 000,000,094 | ---- | C] () -- C:\Windows\MusicRip.ini
[2008/04/29 20:34:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/22 17:06:51 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/09/01 20:39:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DataSafeOnline
[2010/09/01 20:39:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Image Zone Express
[2010/09/01 20:39:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ImgBurn
[2010/09/01 20:39:42 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\mjusbsp
[2010/09/01 20:39:42 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Nokia
[2010/09/01 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Panasonic
[2010/09/01 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ParetoLogic
[2010/09/01 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\PC Suite
[2010/09/01 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Printer Info Cache
[2010/09/01 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Smart PDF Converter
[2010/09/01 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Uniblue
[2008/05/10 21:28:58 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\WeatherBug
[2010/09/05 14:29:51 | 000,017,678 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 1125 bytes -> C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Fwd_ Fw_ Point Pleasant, WV_ Can anyone help Sheera_ - Husky needs rescue , ASAP!.eml:OECustomProperty
< End of report >




#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto rico

Posted 06 September 2010 - 12:47 AM

Those look good

I want you to update combofix and rerun it for me

update combofix

I would like you to download an updated version of combofix.
    Delete the version of combofix you have now on your desktop and download a new one from here

    **Note: It is important that it is saved directly to your desktop**

    1. Close any open browsers.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.



gringo

Edited by gringo_pr, 06 September 2010 - 12:48 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#15 lizzieintn

lizzieintn
  • Topic Starter

  • Members
  • 17 posts

Posted 06 September 2010 - 11:12 AM

Gringo,
Things are NOT looking good! I sat and watched Combofix run after I downloaded it as you instructed...it found that atapi.sys was infected and then rebooted my computer. I stepped away after it successfully booted back up and I had closed all programs in the startup and disconnected from the internet. When I stepped away Combofix had a message on its screen that it was preparing the report. When I returned...Windows had rebooted and there is no Combofix log on my desktop...or anywhere else!!!

I sat in front of my computer and watched the Combofix screen for 20 minutes - it appears that once it finds an infected system file that it reboots as once it displayed the message that atapi.sys was infected, it rebooted Windows. I have been very careful to not even visit many web sites and most definitely have not downloaded anything but Microsoft updates and Combofix. I am thinking it is not going on and finding all system files infected if it finds one infected...is that correct? Perhaps it needs to be rerun until no infected files are found?

This morning when my computer booted up I noticed again that it was incredibly slow and Windows Explorer actually stopped working and showed as not responding. Last night IE stopped working and I could not get it to come back up until I rebooted. I also noticed when it initially displays the desktop, it blinks, goes black...flashes a couple of times...and then comes back up. This is something new. This morning it also opened TWO sessions of IE and TWO sessions of Outlook 2007, both of which are in my startup...but only once, of course. That has never happened before. I also am getting a message that sprtcmd.exe cannot execute because it requires .NET 4.0 to execute, and I have 3.5. Have any idea what that is?

Shall I try Combofix again...or what???

Why does this d*** thing keep coming back??? I think it's going to drive me absolutely insane!!!

Thanks!!!!



