Google redirecting and possible Rootkit Trojan


  • This topic is locked
28 replies to this topic

#1 isabella_750

isabella_750

  • Members
  • 33 posts
  • OFFLINE
  • Local time:05:49 PM

Posted 11 April 2012 - 07:14 PM

I have a Dell Latitude D620 running Windows XP Pro that is driving me nuts. It started with just Google redirects, and then progressed to an HDD executable that hid all of my files and made it look like the system was wiped clean. I was able to get control of the system back through safe mode, and ran anti-virus and malware programs to do what I could to kill it: Kaspersky, Rootkit, Malwarebytes, SuperAntiSpyware. The system started acting like it was clean, but now the Google redirects are back.

I followed the Preparation Guide steps as outlined on your site. When I downloaded and attempted to run DDS, I got all the way to the DDS Information Screen. It appeared to run with the **** going across the screen, but then it just stopped and my system locked up so that I couldn't do anything. So I rebooted and tried DDS again. Again the Information Screen acted like it was running with the **** across the screen, and again it just stopped and the computer froze. I rebooted and tried a third time, only to have it happen again. So after rebooting again I moved on to the GMER step.

GMER opened and I proceeded to scan as instructed. However, about 3 minutes into the scan the DDS process kicked off. Again it caused my system to freeze and I had to reboot. Thinking I may have done something to cause DDS to start, I went through the GMER step again. Again I started the scan, and again, without my touching the machine at all, the DDS process kicked off and my system froze. So after rebooting again I first deleted DDS from my system, and then ran GMER. I was able to get the scan to complete and have attached the txt here.

Please let me know if there is another tool other than DDS that I can run to get the information off the PC and I will be happy to do so. I truly hope someone can help me because I am at my wits' end!!! Thank you!

Attached Files

  • Attached File: ark.txt (695 bytes, 5 downloads)




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:49 PM

Posted 11 April 2012 - 11:28 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe - after it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following:
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate button] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
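Gringo asks for the OTL log before deciding what to remove, because the log is where the indicators behind "Google redirects" usually surface. As an added example (editor's code, not from the thread, from OTL's author, or from BleepingComputer), here is a small Python triage script that reads OTL-style log lines and flags the three indicator types that appear in the log posted later in this thread: hosts-file entries that map a well-known site to a public IP (a hosts hijack is one common cause of search redirects), autostart entries whose target is "File not found", and a burst of numbered At*.job scheduled tasks. The sample lines are copied from the posted log plus one constructed benign hosts entry as a control; the category names, the regexes and the At*.job threshold are my own choices, not OTL conventions.

```python
import re
from ipaddress import ip_address

# Constructed sample input: the lines are copied from the OTL log posted in
# this thread, with one benign hosts entry (127.0.0.1 localhost) added as a
# control so the hosts check has a negative case.
SAMPLE_LOG = r"""
SRV - (QKV) -- C:\DOCUME~1\Liz\LOCALS~1\Temp\QKV.exe File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
O1 HOSTS File: ([2012/04/05 21:57:40 | 000,000,882 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O29 - HKLM SecurityProviders - (OknixlegRaxp.dll) - File not found
[2012/04/12 05:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At60.job
[2012/04/12 05:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At156.job
[2012/04/12 05:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At30.job
"""

# "O1 - Hosts: <ip> <hostname>" is how OTL reports each non-comment hosts entry.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# Autostart classes whose target OTL could not find on disk. DRV lines are left
# out on purpose: orphaned driver entries are a routine leftover of removed
# software and would swamp the output with noise.
ORPHAN_RE = re.compile(r"^(SRV|O4|O20|O29)\b.*File not found$")
# Numbered At<N>.job files are what the at.exe scheduler creates.
ATJOB_RE = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)
# Threshold is a judgement call (mine, not OTL's): a user rarely schedules more
# than a couple of at jobs by hand.
AT_JOB_THRESHOLD = 3


def is_local_hosts_target(ip_text):
    """True when a hosts entry points at a non-routable address, the usual shape
    of a legitimate entry (loopback, 0.0.0.0 sinkholes, LAN hosts). Anything
    that does not parse as an IP is treated as worth a look."""
    try:
        return not ip_address(ip_text).is_global
    except ValueError:
        return False


def triage(log_text):
    """Scan OTL-style log text and return a list of (kind, detail) findings.

    kinds: hosts_redirect   - a hostname mapped to a public IP in the hosts file
           orphan_autostart - a service/Run/Winlogon/SecurityProviders entry
                              whose file is missing
           at_job_burst     - AT_JOB_THRESHOLD or more numbered At*.job tasks
    """
    findings = []
    at_jobs = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if not is_local_hosts_target(ip):
                findings.append(("hosts_redirect", f"{host} -> {ip}"))
            continue
        if ORPHAN_RE.match(line):
            findings.append(("orphan_autostart", line))
            continue
        if ATJOB_RE.search(line):
            at_jobs += 1
    if at_jobs >= AT_JOB_THRESHOLD:
        findings.append(("at_job_burst", f"{at_jobs} numbered At*.job tasks"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:17} {detail}")
```

Run against the sample, the script reports the two hosts-file redirects for www.google.com and www.bing.com, the three orphaned autostart entries (the QKV service, the dplaysvr Run key and the OknixlegRaxp.dll security provider) and the At*.job burst, while the localhost entry and the entries with a valid signed file stay quiet. The script only surfaces lines for a human to review; which entries are removed, and with what tool, remains the helper's call, as Gringo's first rule says.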

#3 isabella_750

isabella_750
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:05:49 PM

Posted 12 April 2012 - 07:44 AM

Gringo,

Thank you so much for such a quick reply! I was able to run both Unhide and OTL without any problems. Attached is the OTL log as requested. Please let me know if you need the unhide.txt file as well.

Liz

Attached Files

  • Attached File: OTL.Txt (124.15KB, 0 downloads)


#4 isabella_750

isabella_750
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:05:49 PM

Posted 12 April 2012 - 07:49 AM

Sorry! I should have just included the txt file instead of attaching it!

OTL logfile created on: 4/12/2012 5:38:58 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Liz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.56% Memory free
3.85 Gb Paging File | 3.61 Gb Available in Paging File | 93.98% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 37.38 Gb Free Space | 66.88% Space Free | Partition Type: NTFS

Computer Name: LIZ-262D0782F51 | User Name: Liz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Liz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (QKV) -- C:\DOCUME~1\Liz\LOCALS~1\Temp\QKV.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREdrv.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (AQFileRestore) -- system32\DRIVERS\AQFileRestore.sys File not found
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUVC) QuickCam for Notebooks Pro(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\S-1-5-21-1004336348-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-21-1004336348-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1004336348-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1004336348-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1004336348-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 A6 4D 44 48 13 CD 01 [binary data]
IE - HKU\S-1-5-21-1004336348-602609370-725345543-1003\..\SearchScopes,DefaultScope = {0D91A787-330C-40AB-8930-5418ADC4A6D3}
IE - HKU\S-1-5-21-1004336348-602609370-725345543-1003\..\SearchScopes\{0D91A787-330C-40AB-8930-5418ADC4A6D3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-1004336348-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2011/07/21 22:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/05 21:57:40 | 000,000,882 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O4 - HKU\S-1-5-18..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-602609370-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-602609370-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1004336348-602609370-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-602609370-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1004336348-602609370-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1310715933328 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1311308688390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB994253-2701-45C1-983F-B630ACE0B389}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (OknixlegRaxp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/14 21:44:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/12 05:37:20 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
[2012/04/11 15:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Desktop\gmer
[2012/04/09 15:17:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Liz\Recent
[2012/04/09 15:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/09 15:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\Ad-Aware Antivirus
[2012/04/09 15:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\Wise Registry Cleaner
[2012/04/09 15:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner
[2012/04/09 15:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012/04/09 14:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/04/09 14:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/04/09 13:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/04/09 13:41:38 | 000,000,000 | ---D | C] -- C:\windows\ie8
[2012/04/07 23:31:26 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/04/06 12:13:13 | 009,604,712 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Liz\Desktop\mbam-setup.exe
[2012/04/06 11:39:49 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Liz\Desktop\tdsskiller.exe
[2012/04/06 11:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2012/04/06 10:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/06 08:14:26 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/05 21:59:06 | 015,524,152 | ---- | C] (Microsoft Corporation) -- C:\windows-kb890830-v4.6.exe
[2012/04/05 20:49:16 | 006,216,032 | ---- | C] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe
[2012/04/05 20:48:30 | 001,266,056 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB927891-v3-x86-ENU.exe
[2012/04/05 14:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/04/05 14:13:04 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Liz\Desktop\spybotsd162.exe
[2012/04/05 11:27:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/05 11:05:42 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys
[2012/03/13 21:13:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/03/13 21:13:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/03/13 21:13:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2012/03/13 21:13:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/03/13 20:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/12 05:38:00 | 000,000,970 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-602609370-725345543-1003UA.job
[2012/04/12 05:37:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
[2012/04/12 05:35:31 | 000,059,445 | ---- | M] () -- C:\windows\System32\nvModes.001
[2012/04/12 05:35:31 | 000,002,148 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012/04/12 05:35:11 | 000,000,104 | ---- | M] () -- C:\windows\System32\NvApps.xml
[2012/04/12 05:35:08 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/12 05:35:05 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/12 05:30:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/12 05:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At60.job
[2012/04/12 05:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At156.job
[2012/04/12 05:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At108.job
[2012/04/12 05:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At59.job
[2012/04/12 05:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At155.job
[2012/04/12 05:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At107.job
[2012/04/12 05:02:00 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/12 05:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At30.job
[2012/04/12 05:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At6.job
[2012/04/12 04:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At58.job
[2012/04/12 04:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At154.job
[2012/04/12 04:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At106.job
[2012/04/12 04:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At57.job
[2012/04/12 04:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At153.job
[2012/04/12 04:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At105.job
[2012/04/12 04:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At29.job
[2012/04/12 04:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At5.job
[2012/04/12 03:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At56.job
[2012/04/12 03:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At152.job
[2012/04/12 03:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At104.job
[2012/04/12 03:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At55.job
[2012/04/12 03:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At151.job
[2012/04/12 03:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At103.job
[2012/04/12 03:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At28.job
[2012/04/12 03:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At4.job
[2012/04/12 02:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At54.job
[2012/04/12 02:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At150.job
[2012/04/12 02:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At102.job
[2012/04/12 02:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At53.job
[2012/04/12 02:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At149.job
[2012/04/12 02:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At101.job
[2012/04/12 02:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At27.job
[2012/04/12 02:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At3.job
[2012/04/12 01:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At52.job
[2012/04/12 01:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At148.job
[2012/04/12 01:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At100.job
[2012/04/12 01:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At99.job
[2012/04/12 01:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At51.job
[2012/04/12 01:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At147.job
[2012/04/12 01:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At26.job
[2012/04/12 01:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At2.job
[2012/04/12 00:46:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At1.job
[2012/04/12 00:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At98.job
[2012/04/12 00:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At50.job
[2012/04/12 00:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At146.job
[2012/04/12 00:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At97.job
[2012/04/12 00:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At49.job
[2012/04/12 00:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At145.job
[2012/04/12 00:05:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At25.job
[2012/04/11 23:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At96.job
[2012/04/11 23:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At192.job
[2012/04/11 23:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At144.job
[2012/04/11 23:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At95.job
[2012/04/11 23:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At191.job
[2012/04/11 23:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At143.job
[2012/04/11 23:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At48.job
[2012/04/11 23:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At24.job
[2012/04/11 22:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At94.job
[2012/04/11 22:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At190.job
[2012/04/11 22:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At142.job
[2012/04/11 22:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At93.job
[2012/04/11 22:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At189.job
[2012/04/11 22:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At141.job
[2012/04/11 22:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At47.job
[2012/04/11 22:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At23.job
[2012/04/11 21:38:00 | 000,000,918 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-602609370-725345543-1003Core.job
[2012/04/11 21:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At92.job
[2012/04/11 21:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At188.job
[2012/04/11 21:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At140.job
[2012/04/11 21:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At91.job
[2012/04/11 21:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At187.job
[2012/04/11 21:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At139.job
[2012/04/11 21:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At46.job
[2012/04/11 21:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At22.job
[2012/04/11 20:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At90.job
[2012/04/11 20:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At186.job
[2012/04/11 20:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At138.job
[2012/04/11 20:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At89.job
[2012/04/11 20:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At185.job
[2012/04/11 20:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At137.job
[2012/04/11 20:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At45.job
[2012/04/11 20:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At21.job
[2012/04/11 19:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At88.job
[2012/04/11 19:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At184.job
[2012/04/11 19:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At136.job
[2012/04/11 19:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At87.job
[2012/04/11 19:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At183.job
[2012/04/11 19:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At135.job
[2012/04/11 19:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At44.job
[2012/04/11 19:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At20.job
[2012/04/11 18:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At86.job
[2012/04/11 18:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At182.job
[2012/04/11 18:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At134.job
[2012/04/11 18:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At85.job
[2012/04/11 18:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At181.job
[2012/04/11 18:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At133.job
[2012/04/11 18:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At43.job
[2012/04/11 18:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At19.job
[2012/04/11 17:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At84.job
[2012/04/11 17:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At180.job
[2012/04/11 17:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At132.job
[2012/04/11 17:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At83.job
[2012/04/11 17:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At179.job
[2012/04/11 17:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At131.job
[2012/04/11 17:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At42.job
[2012/04/11 17:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At18.job
[2012/04/11 16:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At82.job
[2012/04/11 16:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At178.job
[2012/04/11 16:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At130.job
[2012/04/11 16:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At81.job
[2012/04/11 16:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At177.job
[2012/04/11 16:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At129.job
[2012/04/11 16:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At41.job
[2012/04/11 16:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At17.job
[2012/04/11 15:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At80.job
[2012/04/11 15:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At176.job
[2012/04/11 15:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At128.job
[2012/04/11 15:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At79.job
[2012/04/11 15:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At175.job
[2012/04/11 15:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At127.job
[2012/04/11 14:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At39.job
[2012/04/11 14:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At15.job
[2012/04/11 13:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At76.job
[2012/04/11 13:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At172.job
[2012/04/11 13:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At124.job
[2012/04/11 13:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At75.job
[2012/04/11 13:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At171.job
[2012/04/11 13:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At123.job
[2012/04/11 13:21:36 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\gmer.zip
[2012/04/11 13:18:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Liz\defogger_reenable
[2012/04/11 13:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At38.job
[2012/04/11 13:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At14.job
[2012/04/11 12:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At74.job
[2012/04/11 12:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At170.job
[2012/04/11 12:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At122.job
[2012/04/11 12:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At73.job
[2012/04/11 12:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At169.job
[2012/04/11 12:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At121.job
[2012/04/11 12:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At37.job
[2012/04/11 12:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At13.job
[2012/04/11 11:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At72.job
[2012/04/11 11:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At168.job
[2012/04/11 11:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At120.job
[2012/04/11 11:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At71.job
[2012/04/11 11:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At167.job
[2012/04/11 11:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At119.job
[2012/04/11 11:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At36.job
[2012/04/11 11:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At12.job
[2012/04/11 10:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At70.job
[2012/04/11 10:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At166.job
[2012/04/11 10:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At118.job
[2012/04/11 10:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At69.job
[2012/04/11 10:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At165.job
[2012/04/11 10:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At117.job
[2012/04/11 10:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At35.job
[2012/04/11 10:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At11.job
[2012/04/11 09:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At68.job
[2012/04/11 09:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At164.job
[2012/04/11 09:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At116.job
[2012/04/11 09:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At67.job
[2012/04/11 09:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At163.job
[2012/04/11 09:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At115.job
[2012/04/11 09:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At34.job
[2012/04/11 09:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At10.job
[2012/04/11 08:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At66.job
[2012/04/11 08:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At162.job
[2012/04/11 08:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At114.job
[2012/04/11 08:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At65.job
[2012/04/11 08:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At161.job
[2012/04/11 08:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At113.job
[2012/04/11 08:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At33.job
[2012/04/11 08:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At9.job
[2012/04/11 07:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At64.job
[2012/04/11 07:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At160.job
[2012/04/11 07:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At112.job
[2012/04/11 07:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At63.job
[2012/04/11 07:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At159.job
[2012/04/11 07:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At111.job
[2012/04/11 07:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At32.job
[2012/04/11 07:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At8.job
[2012/04/11 06:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At62.job
[2012/04/11 06:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At158.job
[2012/04/11 06:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At110.job
[2012/04/11 06:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At61.job
[2012/04/11 06:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At157.job
[2012/04/11 06:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At109.job
[2012/04/11 06:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At31.job
[2012/04/11 06:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At7.job
[2012/04/10 15:00:00 | 000,000,418 | ---- | M] () -- C:\windows\tasks\At40.job
[2012/04/10 15:00:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\At16.job
[2012/04/10 14:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At78.job
[2012/04/10 14:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At174.job
[2012/04/10 14:22:00 | 000,000,344 | ---- | M] () -- C:\windows\tasks\At126.job
[2012/04/10 14:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At77.job
[2012/04/10 14:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At173.job
[2012/04/10 14:22:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At125.job
[2012/04/10 02:40:17 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\Google Chrome.lnk
[2012/04/09 16:17:30 | 006,516,736 | ---- | M] () -- C:\Documents and Settings\Liz\NTUSER.rhk
[2012/04/09 15:15:45 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/09 15:06:24 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012/04/09 13:59:42 | 000,134,757 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\Belarc Laptop Evaluation.pdf
[2012/04/09 13:55:40 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/04/09 13:55:40 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/04/09 13:47:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/09 11:44:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/04/09 11:44:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/04/06 12:13:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 12:13:37 | 009,604,712 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Liz\Desktop\mbam-setup.exe
[2012/04/06 11:39:49 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Liz\Desktop\tdsskiller.exe
[2012/04/06 09:06:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\61543Kj.dat
[2012/04/06 08:07:40 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\services stopper.exe
[2012/04/06 08:04:28 | 000,000,000 | -HS- | M] () -- C:\windows\System32\dds_trash_log.cmd
[2012/04/06 07:38:20 | 000,001,324 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2012/04/06 07:29:33 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QUYSsM3tKO6hbx
[2012/04/06 07:19:42 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-QUYSsM3tKO6hbxr
[2012/04/06 07:19:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-QUYSsM3tKO6hbx
[2012/04/05 21:59:06 | 015,524,152 | ---- | M] (Microsoft Corporation) -- C:\windows-kb890830-v4.6.exe
[2012/04/05 21:57:40 | 000,000,882 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/04/05 21:23:13 | 000,023,392 | ---- | M] () -- C:\windows\System32\nscompat.tlb
[2012/04/05 21:23:13 | 000,016,832 | ---- | M] () -- C:\windows\System32\amcompat.tlb
[2012/04/05 20:49:17 | 006,216,032 | ---- | M] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe
[2012/04/05 20:48:31 | 001,266,056 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB927891-v3-x86-ENU.exe
[2012/04/05 20:47:22 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat
[2012/04/05 14:20:34 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Liz\Desktop\spybotsd162.exe
[2012/04/05 11:19:06 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20120405-145659.backup
[2012/04/05 09:21:05 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/03/29 15:09:00 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2012/03/14 16:58:59 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2012/03/13 21:50:59 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2012/03/13 21:48:08 | 000,000,330 | ---- | M] () -- C:\windows\System32\.crusader
[2012/03/13 20:37:49 | 000,228,800 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/12 05:35:11 | 000,059,445 | ---- | C] () -- C:\windows\System32\nvModes.001
[2012/04/12 05:35:11 | 000,000,104 | ---- | C] () -- C:\windows\System32\NvApps.xml
[2012/04/12 05:35:07 | 000,002,148 | ---- | C] () -- C:\windows\System32\wpa.dbl
[2012/04/11 15:13:13 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\gmer.zip
[2012/04/11 13:18:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Liz\defogger_reenable
[2012/04/09 15:15:45 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/09 15:09:47 | 006,516,736 | ---- | C] () -- C:\Documents and Settings\Liz\NTUSER.rhk
[2012/04/09 15:06:24 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012/04/09 13:59:38 | 000,134,757 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\Belarc Laptop Evaluation.pdf
[2012/04/09 13:55:40 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/04/09 13:55:40 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2012/04/09 13:55:40 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/04/09 13:55:38 | 000,003,840 | ---- | C] () -- C:\windows\System32\drivers\BANTExt.sys
[2012/04/09 13:47:23 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/09 13:47:23 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Liz\Start Menu\Programs\Internet Explorer.lnk
[2012/04/07 23:31:27 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/07 08:56:04 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Liz\Start Menu\Programs\Microsoft Office.lnk
[2012/04/06 12:13:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At192.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At190.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At188.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At186.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At184.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At182.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At180.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At178.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At176.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At174.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At172.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At170.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At168.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At166.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At164.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At162.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At160.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At158.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At156.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At154.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At152.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At150.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At148.job
[2012/04/06 12:04:53 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At146.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At191.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At189.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At187.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At185.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At183.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At181.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At179.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At177.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At175.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At173.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At171.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At169.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At167.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At165.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At163.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At161.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At159.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At157.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At155.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At153.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At151.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At149.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At147.job
[2012/04/06 12:04:53 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At145.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At98.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At144.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At142.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At140.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At138.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At136.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At134.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At132.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At130.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At128.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At126.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At124.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At122.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At120.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At118.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At116.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At114.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At112.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At110.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At108.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At106.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At104.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At102.job
[2012/04/06 11:49:51 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At100.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At99.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At97.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At143.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At141.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At139.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At137.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At135.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At133.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At131.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At129.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At127.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At125.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At123.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At121.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At119.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At117.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At115.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At113.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At111.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At109.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At107.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At105.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At103.job
[2012/04/06 11:49:51 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At101.job
[2012/04/06 09:06:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\61543Kj.dat
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At96.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At94.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At92.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At90.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At88.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At86.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At84.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At82.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At80.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At78.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At76.job
[2012/04/06 09:06:05 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At74.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At95.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At93.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At91.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At89.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At87.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At85.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At83.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At81.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At79.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At77.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At75.job
[2012/04/06 09:06:05 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At73.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At72.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At70.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At68.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At66.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At64.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At62.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At60.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At58.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At56.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At54.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At52.job
[2012/04/06 09:06:04 | 000,000,344 | ---- | C] () -- C:\windows\tasks\At50.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At71.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At69.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At67.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At65.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At63.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At61.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At59.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At57.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At55.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At53.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At51.job
[2012/04/06 09:06:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At49.job
[2012/04/06 08:07:21 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\services stopper.exe
[2012/04/06 07:19:42 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-QUYSsM3tKO6hbxr
[2012/04/06 07:19:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-QUYSsM3tKO6hbx
[2012/04/06 07:19:37 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QUYSsM3tKO6hbx
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At48.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At47.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At46.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At45.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At44.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At43.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At42.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At41.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At40.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At39.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At38.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At37.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At36.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At35.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At34.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At33.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At32.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At31.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At30.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At29.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At28.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At27.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At26.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At25.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At9.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At8.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At7.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At6.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At5.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At4.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At3.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At24.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At23.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At22.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At21.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At20.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At2.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At19.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At18.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At17.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At16.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At15.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At14.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At13.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At12.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At11.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At10.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At1.job
[2012/04/05 23:04:23 | 000,000,000 | -HS- | C] () -- C:\windows\System32\dds_trash_log.cmd
[2012/04/05 21:35:27 | 000,002,268 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\Google Chrome.lnk
[2012/04/05 21:33:09 | 000,000,970 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-602609370-725345543-1003UA.job
[2012/04/05 21:33:09 | 000,000,918 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-602609370-725345543-1003Core.job
[2012/04/05 20:47:22 | 000,003,038 | ---- | C] () -- C:\fix_svchost.bat
[2012/03/13 21:50:59 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2012/03/13 21:13:06 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/13 21:13:06 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/13 21:13:06 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/13 21:13:06 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/13 21:13:06 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/02/28 22:51:23 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2012/01/06 13:41:18 | 000,230,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1004336348-602609370-725345543-1003-0.dat
[2012/01/06 13:41:17 | 000,230,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/02 12:40:03 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2011/11/30 07:52:38 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 14:27:37 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011/11/12 14:27:37 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2011/07/26 12:13:42 | 000,186,716 | ---- | C] () -- C:\windows\hpwins23.dat
[2011/07/26 12:13:42 | 000,001,847 | ---- | C] () -- C:\windows\hpwmdl23.dat
[2011/07/26 11:57:34 | 000,058,163 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2011/07/26 10:11:05 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/07/26 00:44:08 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/07/25 23:25:22 | 000,442,368 | ---- | C] () -- C:\windows\System32\nvappbar.exe
[2011/07/25 23:25:22 | 000,425,984 | ---- | C] () -- C:\windows\System32\keystone.exe
[2011/07/25 23:25:21 | 001,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2011/07/25 23:25:21 | 001,630,208 | ---- | C] () -- C:\windows\System32\nwiz.exe
[2011/07/25 23:25:21 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2011/07/25 23:25:20 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2011/07/25 23:25:19 | 001,486,848 | ---- | C] () -- C:\windows\System32\nview.dll
[2011/07/25 23:25:19 | 001,339,392 | ---- | C] () -- C:\windows\System32\nvdspsch.exe
[2011/07/25 18:14:44 | 000,000,552 | ---- | C] () -- C:\windows\System32\d3d8caps.dat
[2011/07/25 18:11:10 | 000,001,324 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2011/07/24 11:03:28 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/07/21 21:47:11 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/07/17 08:34:52 | 000,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
[2011/07/15 00:29:34 | 000,059,445 | ---- | C] () -- C:\windows\System32\nvModes.dat
[2011/07/14 21:47:43 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2011/07/14 21:41:15 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2011/07/14 13:50:42 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011/07/14 13:49:26 | 000,228,800 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys:SummaryInformation

< End of report >
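The OTL "Files Created" listing above is the kind of output a responder reads by eye, but two patterns in it are easy to miss when scrolling: 47 `At*.job` files dropped into `C:\windows\tasks` within the same second, and files carrying both the Hidden and System attributes (`-HS-`). The following Python script is an added example, not part of this thread and not code from OTL or BleepingComputer. It parses lines in the OTL format shown above and flags those two review items. The embedded sample log is a constructed subset modelled on the entries above, and the `min_count` thresholds are assumptions chosen for illustration.

```python
"""Triage helper for OTL-style "Files Created" log lines (added example).

Parses lines shaped like the OTL output posted above and flags:
  * bursts of files created within the same second, and in particular a
    flood of C:\\windows\\tasks\\At*.job entries at one timestamp, and
  * files carrying both the Hidden and System attributes (-HS-).
Thresholds below are assumptions for illustration, not OTL defaults.
"""
import re
from collections import defaultdict

# One OTL "Files Created" entry: [date time | size | attrs | C] () -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] \(\) -- (?P<path>.+)$"
)

# Constructed sample: a subset of the entries above, same format.
SAMPLE_LOG = r"""
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At47.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At46.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At45.job
[2012/04/06 07:13:57 | 000,000,418 | ---- | C] () -- C:\windows\tasks\At44.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At3.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At2.job
[2012/04/06 07:13:57 | 000,000,416 | ---- | C] () -- C:\windows\tasks\At1.job
[2012/04/05 23:04:23 | 000,000,000 | -HS- | C] () -- C:\windows\System32\dds_trash_log.cmd
[2012/04/05 21:33:09 | 000,000,970 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-602609370-725345543-1003UA.job
[2012/04/05 20:47:22 | 000,003,038 | ---- | C] () -- C:\fix_svchost.bat
[2011/07/24 11:03:28 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/07/14 21:47:43 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
"""


def parse_otl(text):
    """Return one dict per well-formed entry; size as int, attrs as a set of letters."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other OTL sections
        entries.append({
            "ts": m.group("ts"),
            "size": int(m.group("size").replace(",", "")),
            "attrs": set(m.group("attrs").replace("-", "")),
            "path": m.group("path"),
        })
    return entries


def creation_bursts(entries, min_count=5):
    """Timestamps at which at least min_count files were created, with their paths."""
    by_ts = defaultdict(list)
    for e in entries:
        by_ts[e["ts"]].append(e["path"])
    return {ts: paths for ts, paths in by_ts.items() if len(paths) >= min_count}


def scheduled_task_burst(entries, min_count=5):
    """At*.job files under \\windows\\tasks created in the same second.

    Dozens of numbered at-jobs appearing at once is a scripted drop, not a
    user scheduling tasks by hand, so it is worth a look on its own.
    """
    task_re = re.compile(r"\\windows\\tasks\\At\d+\.job$", re.IGNORECASE)
    by_ts = defaultdict(list)
    for e in entries:
        if task_re.search(e["path"]):
            by_ts[e["ts"]].append(e["path"])
    return {ts: sorted(p) for ts, p in by_ts.items() if len(p) >= min_count}


def hidden_system_files(entries):
    """Paths with both H and S set. Legitimate files can carry these too
    (bootstat.dat is S only and is not flagged), so treat hits as review
    items rather than verdicts."""
    return [e["path"] for e in entries if {"H", "S"} <= e["attrs"]]


def triage(text):
    """Run all checks over one log and return a summary dict."""
    entries = parse_otl(text)
    return {
        "entries": len(entries),
        "bursts": creation_bursts(entries),
        "task_bursts": scheduled_task_burst(entries),
        "hidden_system": hidden_system_files(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ts, paths in report["task_bursts"].items():
        print(f"{len(paths)} At*.job files created at {ts}")
    for p in report["hidden_system"]:
        print("hidden+system:", p)
```

Run it against a full OTL log by replacing `SAMPLE_LOG` with the file contents; lines from other OTL sections simply fail the regex and are skipped, so the whole report can be fed in unchanged.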

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 April 2012 - 07:54 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 isabella_750

  • Topic Starter
  • Members
  • 33 posts

Posted 12 April 2012 - 10:14 AM

Gringo,

I saved Combofix to the desktop and initiated the cleaner. It immediately gave me a message stating AVG Antivirus was active on my laptop and I needed to close it before proceeding. I had previously removed this program, so I checked to see if it still showed as loaded and was unable to find it. I continued with Combofix by clicking "OK".

Then Combofix attempted a System Restore. I said yes for it to download / install Microsoft Windows Recovery, only to get a "Boot partition cannot be enumerated correctly". I pressed "OK" and Combofix continued.

The Combofix AutoScan window showed "Scanning for infected files...." and within minutes a window popped up saying "You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection." I pressed "OK" and it continued. Then a window popped up saying "Rootkit is detected". I pressed "OK" and waited.

At this point all that was on the laptop screen was the AutoScan screen which still showed "Scanning for infected files....". It sat like this for over an hour - at which time I rebooted the machine and started the process all over again. Again all the same steps and windows showed up, and again I got to the AutoScan screen showing "Scanning for infected files..." and it has done nothing for over an hour now. I haven't rebooted the machine and will leave the AutoScan screen as it shows until I hear back from you. Thank you!

Liz

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 April 2012 - 01:06 PM

Hello

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#8 isabella_750

  • Topic Starter
  • Members
  • 33 posts

Posted 12 April 2012 - 06:59 PM

Gringo,

Started up in Safe Mode and initiated Combofix. Again it attempted to create a new System Restore point, and again when I said yes to install the Microsoft Windows Recovery Console it came back with "Boot partition cannot be enumerated correctly." It also had the same statement "You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack" and then "Rootkit is detected". After clicking OK, at that point it did the same thing as before - sat in the "AutoScan" screen with no movement on the HD or on the screen for over an hour. After an hour and a half I rebooted into Safe Mode and tried the whole thing again. Again the same process happened and it stopped in the exact same place (and is still sitting there 2 hours later). Is there anything we can do if Combofix can't run???

Liz

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 April 2012 - 08:41 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 isabella_750

  • Topic Starter
  • Members
  • 33 posts

Posted 12 April 2012 - 09:58 PM

Gringo,

Thank you so much for not giving up and still trying to help me with this! Both TDSSKiller and aswMBR downloaded and scanned without an issue. Please find the logs included below:

TDSSKiller log

19:37:10.0312 1028 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
19:37:10.0625 1028 ============================================================
19:37:10.0625 1028 Current date / time: 2012/04/12 19:37:10.0625
19:37:10.0625 1028 SystemInfo:
19:37:10.0625 1028
19:37:10.0625 1028 OS Version: 5.1.2600 ServicePack: 3.0
19:37:10.0625 1028 Product type: Workstation
19:37:10.0625 1028 ComputerName: LIZ-262D0782F51
19:37:10.0625 1028 UserName: Liz
19:37:10.0625 1028 Windows directory: C:\windows
19:37:10.0625 1028 System windows directory: C:\windows
19:37:10.0625 1028 Processor architecture: Intel x86
19:37:10.0625 1028 Number of processors: 2
19:37:10.0625 1028 Page size: 0x1000
19:37:10.0625 1028 Boot type: Normal boot
19:37:10.0625 1028 ============================================================
19:37:12.0203 1028 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:37:12.0203 1028 \Device\Harddisk0\DR0:
19:37:12.0203 1028 MBR used
19:37:12.0203 1028 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
19:37:12.0234 1028 Initialize success
19:37:12.0234 1028 ============================================================
19:37:28.0156 1672 ============================================================
19:37:28.0156 1672 Scan started
19:37:28.0156 1672 Mode: Manual; SigCheck; TDLFS;
19:37:28.0156 1672 ============================================================
19:37:28.0406 1672 Abiosdsk - ok
19:37:28.0437 1672 abp480n5 - ok
19:37:28.0515 1672 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys
19:37:29.0968 1672 ACPI - ok
19:37:30.0062 1672 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys
19:37:30.0218 1672 ACPIEC - ok
19:37:30.0328 1672 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:37:30.0343 1672 AdobeFlashPlayerUpdateSvc - ok
19:37:30.0390 1672 adpu160m - ok
19:37:30.0453 1672 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
19:37:30.0578 1672 aec - ok
19:37:30.0656 1672 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\windows\System32\drivers\afd.sys
19:37:30.0703 1672 AFD - ok
19:37:30.0734 1672 Aha154x - ok
19:37:30.0750 1672 aic78u2 - ok
19:37:30.0750 1672 aic78xx - ok
19:37:30.0781 1672 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\windows\system32\alrsvc.dll
19:37:30.0906 1672 Alerter - ok
19:37:30.0937 1672 ALG (8c515081584a38aa007909cd02020b3d) C:\windows\System32\alg.exe
19:37:31.0015 1672 ALG - ok
19:37:31.0015 1672 AliIde - ok
19:37:31.0031 1672 amsint - ok
19:37:31.0062 1672 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\windows\System32\appmgmts.dll
19:37:31.0125 1672 AppMgmt - ok
19:37:31.0140 1672 AQFileRestore - ok
19:37:31.0140 1672 asc - ok
19:37:31.0156 1672 asc3350p - ok
19:37:31.0171 1672 asc3550 - ok
19:37:31.0218 1672 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:37:31.0281 1672 aspnet_state - ok
19:37:31.0359 1672 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
19:37:31.0468 1672 AsyncMac - ok
19:37:31.0562 1672 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
19:37:31.0671 1672 atapi - ok
19:37:31.0718 1672 Atdisk - ok
19:37:31.0781 1672 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
19:37:31.0875 1672 Atmarpc - ok
19:37:31.0953 1672 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\windows\System32\audiosrv.dll
19:37:32.0078 1672 AudioSrv - ok
19:37:32.0156 1672 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
19:37:32.0265 1672 audstub - ok
19:37:32.0343 1672 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\windows\system32\DRIVERS\b57xp32.sys
19:37:32.0375 1672 b57w2k - ok
19:37:32.0453 1672 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\windows\System32\Drivers\BANTExt.sys
19:37:32.0468 1672 BANTExt ( UnsignedFile.Multi.Generic ) - warning
19:37:32.0468 1672 BANTExt - detected UnsignedFile.Multi.Generic (1)
19:37:32.0546 1672 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
19:37:32.0671 1672 Beep - ok
19:37:32.0750 1672 BITS (574738f61fca2935f5265dc4e5691314) C:\windows\system32\qmgr.dll
19:37:32.0921 1672 BITS - ok
19:37:32.0968 1672 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\windows\System32\browser.dll
19:37:33.0093 1672 Browser - ok
19:37:33.0093 1672 catchme - ok
19:37:33.0140 1672 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
19:37:33.0250 1672 cbidf2k - ok
19:37:33.0296 1672 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys
19:37:33.0406 1672 CCDECODE - ok
19:37:33.0406 1672 cd20xrnt - ok
19:37:33.0437 1672 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
19:37:33.0546 1672 Cdaudio - ok
19:37:33.0578 1672 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
19:37:33.0687 1672 Cdfs - ok
19:37:33.0718 1672 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
19:37:33.0828 1672 Cdrom - ok
19:37:33.0859 1672 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\windows\system32\drivers\cercsr6.sys
19:37:33.0875 1672 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
19:37:33.0875 1672 cercsr6 - detected UnsignedFile.Multi.Generic (1)
19:37:33.0890 1672 Changer - ok
19:37:33.0937 1672 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\windows\system32\cisvc.exe
19:37:34.0046 1672 CiSvc - ok
19:37:34.0078 1672 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\windows\system32\clipsrv.exe
19:37:34.0187 1672 ClipSrv - ok
19:37:34.0281 1672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:37:34.0328 1672 clr_optimization_v4.0.30319_32 - ok
19:37:34.0406 1672 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\windows\system32\DRIVERS\CmBatt.sys
19:37:34.0515 1672 CmBatt - ok
19:37:34.0562 1672 CmdIde - ok
19:37:34.0593 1672 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\windows\system32\DRIVERS\compbatt.sys
19:37:34.0718 1672 Compbatt - ok
19:37:34.0765 1672 COMSysApp - ok
19:37:34.0781 1672 Cpqarray - ok
19:37:34.0828 1672 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\windows\System32\cryptsvc.dll
19:37:34.0953 1672 CryptSvc - ok
19:37:34.0953 1672 dac2w2k - ok
19:37:34.0968 1672 dac960nt - ok
19:37:35.0015 1672 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\windows\system32\rpcss.dll
19:37:35.0078 1672 DcomLaunch - ok
19:37:35.0109 1672 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\windows\System32\dhcpcsvc.dll
19:37:35.0234 1672 Dhcp - ok
19:37:35.0265 1672 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
19:37:35.0375 1672 Disk - ok
19:37:35.0390 1672 dmadmin - ok
19:37:35.0437 1672 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys
19:37:35.0609 1672 dmboot - ok
19:37:35.0625 1672 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys
19:37:35.0734 1672 dmio - ok
19:37:35.0750 1672 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
19:37:35.0859 1672 dmload - ok
19:37:35.0906 1672 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\windows\System32\dmserver.dll
19:37:36.0015 1672 dmserver - ok
19:37:36.0046 1672 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
19:37:36.0171 1672 DMusic - ok
19:37:36.0234 1672 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\windows\System32\dnsrslvr.dll
19:37:36.0375 1672 Dnscache - ok
19:37:36.0406 1672 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\windows\System32\dot3svc.dll
19:37:36.0531 1672 Dot3svc - ok
19:37:36.0546 1672 dpti2o - ok
19:37:36.0593 1672 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
19:37:36.0718 1672 drmkaud - ok
19:37:36.0734 1672 EapHost (2187855a7703adef0cef9ee4285182cc) C:\windows\System32\eapsvc.dll
19:37:36.0843 1672 EapHost - ok
19:37:36.0890 1672 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\windows\System32\ersvc.dll
19:37:37.0000 1672 ERSvc - ok
19:37:37.0062 1672 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\windows\system32\services.exe
19:37:37.0093 1672 Eventlog - ok
19:37:37.0140 1672 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:37:37.0171 1672 EventSystem - ok
19:37:37.0250 1672 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
19:37:37.0375 1672 Fastfat - ok
19:37:37.0421 1672 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\windows\System32\shsvcs.dll
19:37:37.0500 1672 FastUserSwitchingCompatibility - ok
19:37:37.0515 1672 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\drivers\Fdc.sys
19:37:37.0640 1672 Fdc - ok
19:37:37.0687 1672 FilterService (ed6c44547540e7892a1c34fd4bd35a53) C:\windows\system32\DRIVERS\lvuvcflt.sys
19:37:37.0718 1672 FilterService - ok
19:37:37.0734 1672 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys
19:37:37.0859 1672 Fips - ok
19:37:37.0875 1672 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys
19:37:38.0000 1672 Flpydisk - ok
19:37:38.0046 1672 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\drivers\fltmgr.sys
19:37:38.0156 1672 FltMgr - ok
19:37:38.0171 1672 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
19:37:38.0265 1672 Fs_Rec - ok
19:37:38.0281 1672 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
19:37:38.0390 1672 Ftdisk - ok
19:37:38.0421 1672 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
19:37:38.0515 1672 Gpc - ok
19:37:38.0625 1672 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:37:38.0640 1672 gupdate - ok
19:37:38.0640 1672 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:37:38.0656 1672 gupdatem - ok
19:37:38.0750 1672 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys
19:37:38.0859 1672 HDAudBus - ok
19:37:38.0937 1672 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:37:39.0046 1672 helpsvc - ok
19:37:39.0078 1672 HidServ - ok
19:37:39.0125 1672 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\windows\System32\kmsvc.dll
19:37:39.0234 1672 hkmsvc - ok
19:37:39.0265 1672 hpn - ok
19:37:39.0390 1672 HPSLPSVC (14229263aa19c704e0d6d2e7404a8455) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
19:37:39.0468 1672 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
19:37:39.0468 1672 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
19:37:39.0515 1672 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\windows\system32\DRIVERS\HSFHWAZL.sys
19:37:39.0562 1672 HSFHWAZL - ok
19:37:39.0609 1672 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\windows\system32\DRIVERS\HSF_DPV.sys
19:37:39.0718 1672 HSF_DPV - ok
19:37:39.0765 1672 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
19:37:39.0812 1672 HTTP - ok
19:37:39.0859 1672 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\windows\System32\w3ssl.dll
19:37:39.0984 1672 HTTPFilter - ok
19:37:40.0015 1672 i2omgmt - ok
19:37:40.0015 1672 i2omp - ok
19:37:40.0062 1672 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys
19:37:40.0171 1672 i8042prt - ok
19:37:40.0203 1672 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
19:37:40.0328 1672 Imapi - ok
19:37:40.0359 1672 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\windows\system32\imapi.exe
19:37:40.0468 1672 ImapiService - ok
19:37:40.0500 1672 ini910u - ok
19:37:40.0515 1672 IntelIde - ok
19:37:40.0562 1672 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys
19:37:40.0656 1672 intelppm - ok
19:37:40.0703 1672 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\drivers\ip6fw.sys
19:37:40.0812 1672 Ip6Fw - ok
19:37:40.0843 1672 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:37:40.0937 1672 IpFilterDriver - ok
19:37:40.0968 1672 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
19:37:41.0078 1672 IpInIp - ok
19:37:41.0109 1672 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
19:37:41.0218 1672 IpNat - ok
19:37:41.0250 1672 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
19:37:41.0375 1672 IPSec - ok
19:37:41.0406 1672 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
19:37:41.0453 1672 IRENUM - ok
19:37:41.0500 1672 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys
19:37:41.0609 1672 isapnp - ok
19:37:41.0718 1672 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
19:37:41.0734 1672 JavaQuickStarterService - ok
19:37:41.0812 1672 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys
19:37:41.0921 1672 Kbdclass - ok
19:37:41.0984 1672 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
19:37:42.0109 1672 kmixer - ok
19:37:42.0171 1672 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
19:37:42.0296 1672 KSecDD - ok
19:37:42.0328 1672 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\windows\System32\srvsvc.dll
19:37:42.0375 1672 lanmanserver - ok
19:37:42.0406 1672 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\windows\System32\wkssvc.dll
19:37:42.0453 1672 lanmanworkstation - ok
19:37:42.0468 1672 lbrtfdc - ok
19:37:42.0515 1672 LmHosts (a7db739ae99a796d91580147e919cc59) C:\windows\System32\lmhsvc.dll
19:37:42.0640 1672 LmHosts - ok
19:37:42.0734 1672 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\windows\system32\DRIVERS\LVcKap.sys
19:37:42.0859 1672 LVcKap - ok
19:37:42.0937 1672 LVCOMSer (14e4cc4d46169759d874f57604ea6be5) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
19:37:42.0953 1672 LVCOMSer - ok
19:37:43.0093 1672 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\windows\system32\DRIVERS\LVMVDrv.sys
19:37:43.0156 1672 LVMVDrv - ok
19:37:43.0296 1672 lvpopflt (92990b040b68632cc3f80a742d163937) C:\windows\system32\DRIVERS\lvpopflt.sys
19:37:43.0421 1672 lvpopflt - ok
19:37:43.0468 1672 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\windows\system32\DRIVERS\LVPr2Mon.sys
19:37:43.0484 1672 LVPr2Mon - ok
19:37:43.0531 1672 LVPrcSrv (b2d04e813ba12ab179daf0b9fdecba3d) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
19:37:43.0531 1672 LVPrcSrv - ok
19:37:43.0578 1672 LVSrvLauncher (a7a2ef5000007ca361da1e2b99df8c57) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
19:37:43.0593 1672 LVSrvLauncher - ok
19:37:43.0625 1672 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\windows\system32\drivers\LVUSBSta.sys
19:37:43.0640 1672 LVUSBSta - ok
19:37:43.0781 1672 LVUVC (b0dfee7da5e6d04762e25e355d94d8b5) C:\windows\system32\DRIVERS\lvuvc.sys
19:37:44.0015 1672 LVUVC - ok
19:37:44.0062 1672 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\windows\system32\DRIVERS\mdmxsdk.sys
19:37:44.0093 1672 mdmxsdk - ok
19:37:44.0125 1672 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\windows\System32\msgsvc.dll
19:37:44.0234 1672 Messenger - ok
19:37:44.0265 1672 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
19:37:44.0375 1672 mnmdd - ok
19:37:44.0421 1672 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:37:44.0546 1672 mnmsrvc - ok
19:37:44.0578 1672 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys
19:37:44.0703 1672 Modem - ok
19:37:44.0734 1672 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys
19:37:44.0828 1672 Mouclass - ok
19:37:44.0843 1672 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
19:37:44.0968 1672 MountMgr - ok
19:37:44.0968 1672 mraid35x - ok
19:37:45.0000 1672 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
19:37:45.0125 1672 MRxDAV - ok
19:37:45.0171 1672 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\windows\system32\DRIVERS\mrxsmb.sys
19:37:45.0265 1672 MRxSmb - ok
19:37:45.0296 1672 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:37:45.0421 1672 MSDTC - ok
19:37:45.0484 1672 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
19:37:45.0593 1672 Msfs - ok
19:37:45.0609 1672 MSIServer - ok
19:37:45.0640 1672 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
19:37:45.0750 1672 MSKSSRV - ok
19:37:45.0765 1672 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
19:37:45.0875 1672 MSPCLOCK - ok
19:37:45.0890 1672 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
19:37:46.0000 1672 MSPQM - ok
19:37:46.0046 1672 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
19:37:46.0140 1672 mssmbios - ok
19:37:46.0187 1672 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\windows\system32\drivers\MSTEE.sys
19:37:46.0296 1672 MSTEE - ok
19:37:46.0343 1672 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\windows\system32\drivers\Mup.sys
19:37:46.0375 1672 Mup - ok
19:37:46.0421 1672 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\windows\system32\DRIVERS\NABTSFEC.sys
19:37:46.0531 1672 NABTSFEC - ok
19:37:46.0609 1672 napagent (0102140028fad045756796e1c685d695) C:\windows\System32\qagentrt.dll
19:37:46.0734 1672 napagent - ok
19:37:46.0796 1672 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
19:37:46.0906 1672 NDIS - ok
19:37:46.0937 1672 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\windows\system32\DRIVERS\NdisIP.sys
19:37:47.0062 1672 NdisIP - ok
19:37:47.0093 1672 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\windows\system32\DRIVERS\ndistapi.sys
19:37:47.0171 1672 NdisTapi - ok
19:37:47.0218 1672 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
19:37:47.0328 1672 Ndisuio - ok
19:37:47.0359 1672 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
19:37:47.0468 1672 NdisWan - ok
19:37:47.0500 1672 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\windows\system32\drivers\NDProxy.sys
19:37:47.0578 1672 NDProxy - ok
19:37:47.0625 1672 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
19:37:47.0640 1672 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:37:47.0640 1672 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:37:47.0671 1672 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
19:37:47.0796 1672 NetBIOS - ok
19:37:47.0828 1672 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
19:37:47.0937 1672 NetBT - ok
19:37:47.0984 1672 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\windows\system32\netdde.exe
19:37:48.0093 1672 NetDDE - ok
19:37:48.0109 1672 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\windows\system32\netdde.exe
19:37:48.0203 1672 NetDDEdsdm - ok
19:37:48.0234 1672 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\windows\system32\lsass.exe
19:37:48.0359 1672 Netlogon - ok
19:37:48.0390 1672 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\windows\System32\netman.dll
19:37:48.0500 1672 Netman - ok
19:37:48.0562 1672 Nla (943337d786a56729263071623bbb9de5) C:\windows\System32\mswsock.dll
19:37:48.0578 1672 Nla - ok
19:37:48.0625 1672 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
19:37:48.0734 1672 Npfs - ok
19:37:48.0796 1672 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
19:37:48.0953 1672 Ntfs - ok
19:37:48.0984 1672 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\windows\system32\lsass.exe
19:37:49.0078 1672 NtLmSsp - ok
19:37:49.0125 1672 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\windows\system32\ntmssvc.dll
19:37:49.0265 1672 NtmsSvc - ok
19:37:49.0296 1672 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
19:37:49.0421 1672 Null - ok
19:37:49.0687 1672 nv (c116d2b008a1640c4484a1dcd1abe12c) C:\windows\system32\DRIVERS\nv4_mini.sys
19:37:50.0125 1672 nv - ok
19:37:50.0171 1672 NVSvc (bc6f6d569a0848ba9d38158ae4734a9c) C:\windows\system32\nvsvc32.exe
19:37:50.0203 1672 NVSvc - ok
19:37:50.0250 1672 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
19:37:50.0359 1672 NwlnkFlt - ok
19:37:50.0375 1672 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
19:37:50.0484 1672 NwlnkFwd - ok
19:37:50.0687 1672 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\drivers\Parport.sys
19:37:50.0812 1672 Parport - ok
19:37:50.0859 1672 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
19:37:50.0968 1672 PartMgr - ok
19:37:51.0031 1672 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys
19:37:51.0125 1672 ParVdm - ok
19:37:51.0203 1672 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys
19:37:51.0312 1672 PCI - ok
19:37:51.0359 1672 PCIDump - ok
19:37:51.0406 1672 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys
19:37:51.0515 1672 PCIIde - ok
19:37:51.0578 1672 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\DRIVERS\pcmcia.sys
19:37:51.0687 1672 Pcmcia - ok
19:37:51.0718 1672 PDCOMP - ok
19:37:51.0765 1672 PDFRAME - ok
19:37:51.0796 1672 PDRELI - ok
19:37:51.0828 1672 PDRFRAME - ok
19:37:51.0859 1672 perc2 - ok
19:37:51.0890 1672 perc2hib - ok
19:37:52.0125 1672 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\TheComboFix\pev.3XE
19:37:52.0156 1672 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
19:37:52.0156 1672 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
19:37:52.0250 1672 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\windows\system32\services.exe
19:37:52.0265 1672 PlugPlay - ok
19:37:52.0312 1672 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
19:37:52.0328 1672 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:37:52.0328 1672 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:37:52.0343 1672 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\windows\system32\lsass.exe
19:37:52.0437 1672 PolicyAgent - ok
19:37:52.0515 1672 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
19:37:52.0625 1672 PptpMiniport - ok
19:37:52.0671 1672 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\windows\system32\lsass.exe
19:37:52.0765 1672 ProtectedStorage - ok
19:37:52.0796 1672 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
19:37:52.0906 1672 Ptilink - ok
19:37:53.0015 1672 QKV - ok
19:37:53.0031 1672 ql1080 - ok
19:37:53.0046 1672 Ql10wnt - ok
19:37:53.0046 1672 ql12160 - ok
19:37:53.0062 1672 ql1240 - ok
19:37:53.0078 1672 ql1280 - ok
19:37:53.0093 1672 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
19:37:53.0187 1672 RasAcd - ok
19:37:53.0234 1672 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\windows\System32\rasauto.dll
19:37:53.0343 1672 RasAuto - ok
19:37:53.0375 1672 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
19:37:53.0500 1672 Rasl2tp - ok
19:37:53.0546 1672 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\windows\System32\rasmans.dll
19:37:53.0671 1672 RasMan - ok
19:37:53.0718 1672 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
19:37:53.0812 1672 RasPppoe - ok
19:37:53.0828 1672 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
19:37:53.0953 1672 Raspti - ok
19:37:53.0984 1672 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
19:37:54.0093 1672 Rdbss - ok
19:37:54.0109 1672 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
19:37:54.0218 1672 RDPCDD - ok
19:37:54.0250 1672 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys
19:37:54.0359 1672 rdpdr - ok
19:37:54.0390 1672 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\windows\system32\drivers\RDPWD.sys
19:37:54.0437 1672 RDPWD - ok
19:37:54.0484 1672 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:37:54.0593 1672 RDSessMgr - ok
19:37:54.0656 1672 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys
19:37:54.0765 1672 redbook - ok
19:37:54.0953 1672 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\windows\System32\mprdim.dll
19:37:55.0062 1672 RemoteAccess - ok
19:37:55.0109 1672 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\windows\system32\regsvc.dll
19:37:55.0234 1672 RemoteRegistry - ok
19:37:55.0281 1672 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\windows\system32\locator.exe
19:37:55.0375 1672 RpcLocator - ok
19:37:55.0437 1672 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\windows\System32\rpcss.dll
19:37:55.0453 1672 RpcSs - ok
19:37:55.0500 1672 RSVP (471b3f9741d762abe75e9deea4787e47) C:\windows\system32\rsvp.exe
19:37:55.0609 1672 RSVP - ok
19:37:55.0640 1672 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\windows\system32\lsass.exe
19:37:55.0734 1672 SamSs - ok
19:37:55.0765 1672 SBRE - ok
19:37:55.0843 1672 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\windows\System32\SCardSvr.exe
19:37:55.0953 1672 SCardSvr - ok
19:37:56.0046 1672 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\windows\system32\schedsvc.dll
19:37:56.0171 1672 Schedule - ok
19:37:56.0203 1672 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
19:37:56.0281 1672 Secdrv - ok
19:37:56.0437 1672 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\windows\System32\seclogon.dll
19:37:56.0546 1672 seclogon - ok
19:37:56.0656 1672 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\windows\system32\sens.dll
19:37:56.0781 1672 SENS - ok
19:37:56.0921 1672 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys
19:37:57.0046 1672 serenum - ok
19:37:57.0203 1672 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys
19:37:57.0328 1672 Serial - ok
19:37:57.0593 1672 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
19:37:57.0734 1672 Sfloppy - ok
19:37:57.0875 1672 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\windows\System32\ipnathlp.dll
19:37:58.0031 1672 SharedAccess - ok
19:37:58.0250 1672 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\windows\System32\shsvcs.dll
19:37:58.0281 1672 ShellHWDetection - ok
19:37:58.0390 1672 Simbad - ok
19:37:58.0468 1672 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys
19:37:58.0578 1672 SLIP - ok
19:37:58.0671 1672 Sparrow - ok
19:37:58.0843 1672 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
19:37:59.0031 1672 splitter - ok
19:37:59.0093 1672 Spooler (60784f891563fb1b767f70117fc2428f) C:\windows\system32\spoolsv.exe
19:37:59.0140 1672 Spooler - ok
19:37:59.0218 1672 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys
19:37:59.0296 1672 sr - ok
19:37:59.0375 1672 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\windows\system32\srsvc.dll
19:37:59.0421 1672 srservice - ok
19:37:59.0484 1672 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys
19:37:59.0562 1672 Srv - ok
19:37:59.0609 1672 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\windows\System32\ssdpsrv.dll
19:37:59.0687 1672 SSDPSRV - ok
19:37:59.0796 1672 STHDA (951801dfb54d86f611f0af47825476f9) C:\windows\system32\drivers\sthda.sys
19:37:59.0890 1672 STHDA - ok
19:37:59.0968 1672 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\windows\system32\DRIVERS\serscan.sys
19:38:00.0078 1672 StillCam - ok
19:38:00.0203 1672 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\windows\system32\wiaservc.dll
19:38:00.0421 1672 stisvc - ok
19:38:00.0734 1672 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys
19:38:00.0859 1672 streamip - ok
19:38:00.0937 1672 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
19:38:01.0046 1672 swenum - ok
19:38:01.0109 1672 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
19:38:01.0218 1672 swmidi - ok
19:38:01.0250 1672 SwPrv - ok
19:38:01.0265 1672 symc810 - ok
19:38:01.0281 1672 symc8xx - ok
19:38:01.0281 1672 sym_hi - ok
19:38:01.0296 1672 sym_u3 - ok
19:38:01.0343 1672 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
19:38:01.0453 1672 sysaudio - ok
19:38:01.0500 1672 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\windows\system32\smlogsvc.exe
19:38:01.0625 1672 SysmonLog - ok
19:38:01.0656 1672 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\windows\System32\tapisrv.dll
19:38:01.0765 1672 TapiSrv - ok
19:38:01.0843 1672 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys
19:38:01.0875 1672 Tcpip - ok
19:38:01.0906 1672 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
19:38:02.0015 1672 TDPIPE - ok
19:38:02.0031 1672 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
19:38:02.0125 1672 TDTCP - ok
19:38:02.0156 1672 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
19:38:02.0281 1672 TermDD - ok
19:38:02.0328 1672 TermService (ff3477c03be7201c294c35f684b3479f) C:\windows\System32\termsrv.dll
19:38:02.0453 1672 TermService - ok
19:38:02.0500 1672 Themes (99bc0b50f511924348be19c7c7313bbf) C:\windows\System32\shsvcs.dll
19:38:02.0515 1672 Themes - ok
19:38:02.0546 1672 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:38:02.0609 1672 TlntSvr - ok
19:38:02.0625 1672 TosIde - ok
19:38:02.0671 1672 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\windows\system32\trkwks.dll
19:38:02.0781 1672 TrkWks - ok
19:38:02.0843 1672 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
19:38:02.0968 1672 Udfs - ok
19:38:02.0968 1672 ultra - ok
19:38:03.0031 1672 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
19:38:03.0156 1672 Update - ok
19:38:03.0203 1672 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\windows\System32\upnphost.dll
19:38:03.0265 1672 upnphost - ok
19:38:03.0296 1672 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\windows\System32\ups.exe
19:38:03.0421 1672 UPS - ok
19:38:03.0484 1672 usbaudio (e919708db44ed8543a7c017953148330) C:\windows\system32\drivers\usbaudio.sys
19:38:03.0609 1672 usbaudio - ok
19:38:03.0656 1672 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
19:38:03.0765 1672 usbccgp - ok
19:38:03.0812 1672 USBCCID (2825e0e294686a26506690059e1f437a) C:\windows\system32\DRIVERS\usbccid.sys
19:38:03.0843 1672 USBCCID - ok
19:38:03.0890 1672 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
19:38:04.0000 1672 usbehci - ok
19:38:04.0031 1672 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
19:38:04.0125 1672 usbhub - ok
19:38:04.0171 1672 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys
19:38:04.0281 1672 usbprint - ok
19:38:04.0312 1672 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys
19:38:04.0421 1672 usbscan - ok
19:38:04.0437 1672 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:38:04.0546 1672 USBSTOR - ok
19:38:04.0593 1672 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys
19:38:04.0703 1672 usbuhci - ok
19:38:04.0750 1672 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
19:38:04.0859 1672 VgaSave - ok
19:38:04.0875 1672 ViaIde - ok
19:38:04.0890 1672 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys
19:38:05.0000 1672 VolSnap - ok
19:38:05.0062 1672 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\windows\System32\vssvc.exe
19:38:05.0125 1672 VSS - ok
19:38:05.0156 1672 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\windows\system32\w32time.dll
19:38:05.0265 1672 W32Time - ok
19:38:05.0375 1672 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\windows\system32\DRIVERS\w39n51.sys
19:38:05.0515 1672 w39n51 - ok
19:38:05.0546 1672 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
19:38:05.0671 1672 Wanarp - ok
19:38:05.0671 1672 WDICA - ok
19:38:05.0703 1672 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
19:38:05.0828 1672 wdmaud - ok
19:38:05.0859 1672 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\windows\System32\webclnt.dll
19:38:05.0984 1672 WebClient - ok
19:38:06.0062 1672 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\windows\system32\DRIVERS\HSF_CNXT.sys
19:38:06.0703 1672 winachsf - ok
19:38:06.0750 1672 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\windows\system32\wbem\WMIsvc.dll
19:38:06.0859 1672 winmgmt - ok
19:38:06.0890 1672 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:38:06.0937 1672 WmdmPmSN - ok
19:38:07.0000 1672 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\windows\System32\advapi32.dll
19:38:07.0062 1672 Wmi - ok
19:38:07.0109 1672 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\windows\system32\DRIVERS\wmiacpi.sys
19:38:07.0218 1672 WmiAcpi - ok
19:38:07.0265 1672 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:38:07.0390 1672 WmiApSrv - ok
19:38:07.0484 1672 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:38:07.0578 1672 WMPNetworkSvc - ok
19:38:07.0750 1672 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:38:07.0843 1672 WPFFontCache_v0400 - ok
19:38:07.0953 1672 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys
19:38:08.0062 1672 WS2IFSL - ok
19:38:08.0140 1672 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\windows\system32\wscsvc.dll
19:38:08.0250 1672 wscsvc - ok
19:38:08.0296 1672 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS
19:38:08.0406 1672 WSTCODEC - ok
19:38:08.0453 1672 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:38:08.0578 1672 wuauserv - ok
19:38:08.0640 1672 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys
19:38:08.0671 1672 WudfPf - ok
19:38:08.0718 1672 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys
19:38:08.0750 1672 WudfRd - ok
19:38:08.0781 1672 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\windows\System32\WUDFSvc.dll
19:38:08.0828 1672 WudfSvc - ok
19:38:08.0875 1672 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\windows\System32\wzcsvc.dll
19:38:09.0015 1672 WZCSVC - ok
19:38:09.0046 1672 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\windows\System32\xmlprov.dll
19:38:09.0156 1672 xmlprov - ok
19:38:09.0187 1672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:38:09.0359 1672 \Device\Harddisk0\DR0 - ok
19:38:09.0375 1672 Boot (0x1200) (142cd9e77e7c54429eb56aeed2b3b93a) \Device\Harddisk0\DR0\Partition0
19:38:09.0375 1672 \Device\Harddisk0\DR0\Partition0 - ok
19:38:09.0375 1672 ============================================================
19:38:09.0375 1672 Scan finished
19:38:09.0375 1672 ============================================================
19:38:09.0468 2476 Detected object count: 6
19:38:09.0468 2476 Actual detected object count: 6
19:39:12.0890 2476 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:12.0890 2476 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:12.0890 2476 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:12.0890 2476 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:12.0890 2476 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:12.0890 2476 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:12.0906 2476 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:12.0906 2476 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:12.0906 2476 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:12.0906 2476 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:12.0906 2476 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:12.0906 2476 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-12 19:43:45
-----------------------------
19:43:45.281 OS Version: Windows 5.1.2600 Service Pack 3
19:43:45.281 Number of processors: 2 586 0xE08
19:43:45.281 ComputerName: LIZ-262D0782F51 UserName: Liz
19:43:45.718 Initialize success
19:48:19.109 AVAST engine defs: 12041201
19:48:38.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:48:38.562 Disk 0 Vendor: ST96023AS 8.02 Size: 57231MB BusType: 3
19:48:38.625 Disk 0 MBR read successfully
19:48:38.625 Disk 0 MBR scan
19:48:38.656 Disk 0 Windows XP default MBR code
19:48:38.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
19:48:38.656 Disk 0 scanning sectors +117210240
19:48:39.171 Disk 0 scanning C:\windows\system32\drivers
19:48:48.953 Service scanning
19:49:02.515 Modules scanning
19:49:06.031 Disk 0 trace - called modules:
19:49:06.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:49:06.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a568ab8]
19:49:06.046 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000079[0x8a574f18]
19:49:06.046 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4e3940]
19:49:06.343 AVAST engine scan C:\windows
19:49:09.109 AVAST engine scan C:\windows\system32
19:50:48.000 AVAST engine scan C:\windows\system32\drivers
19:51:00.390 AVAST engine scan C:\Documents and Settings\Liz
19:52:06.453 AVAST engine scan C:\Documents and Settings\All Users
19:52:38.500 Scan finished successfully
19:53:14.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Liz\Desktop\MBR.dat"
19:53:14.734 The log file has been saved successfully to "C:\Documents and Settings\Liz\Desktop\aswMBR.txt"

Liz

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:49 PM

Posted 12 April 2012 - 10:11 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 isabella_750

isabella_750
  • Topic Starter

  • Members
  • 33 posts
  • Local time:05:49 PM

Posted 12 April 2012 - 10:30 PM

YES!!! Combofix finally ran, thank you. The log follows below:

Combofix Log

ComboFix 12-04-12.02 - Liz 04/12/2012 20:21:54.1.2 - x86
Running from: c:\documents and settings\Liz\Desktop\TheComboFix.exe
Command switches used :: /nombr
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\QUYSsM3tKO6hbx
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-12 12:39 . 2012-04-13 03:25 4776 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-09 22:15 . 2012-04-09 22:15 -------- d-----w- c:\program files\CCleaner
2012-04-09 22:14 . 2012-04-09 22:15 -------- d-----w- c:\documents and settings\Liz\Application Data\Ad-Aware Antivirus
2012-04-09 22:06 . 2012-04-09 22:13 -------- d-----w- c:\documents and settings\Liz\Application Data\Wise Registry Cleaner
2012-04-09 22:06 . 2012-04-09 22:06 -------- d-----w- c:\program files\Wise
2012-04-09 21:30 . 2012-04-09 21:30 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-09 20:55 . 2012-04-09 20:55 -------- d-----w- c:\program files\Belarc
2012-04-09 20:55 . 2011-08-10 00:33 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-04-09 20:41 . 2012-04-09 20:42 -------- dc----w- c:\windows\ie8
2012-04-08 06:31 . 2012-04-09 18:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-06 18:39 . 2012-04-06 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2012-04-06 17:00 . 2012-04-09 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-06 15:14 . 2012-04-06 15:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-06 04:59 . 2012-04-06 04:59 15524152 ----a-w- C:\windows-kb890830-v4.6.exe
2012-04-06 03:49 . 2012-04-06 03:49 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-04-06 03:48 . 2012-04-06 03:48 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-04-06 03:47 . 2012-04-06 03:47 3038 ----a-w- C:\fix_svchost.bat
2012-04-05 21:30 . 2012-04-09 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-05 18:05 . 2011-07-15 13:29 456320 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2012-04-05 18:05 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-04-05 17:10 . 2012-04-05 17:10 -------- d-s---w- c:\documents and settings\LocalService\UserData
2012-04-05 16:49 . 2012-04-05 16:49 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-03-14 03:53 . 2012-04-05 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 18:44 . 2011-07-15 10:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 15:15 . 2004-08-04 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-05 16:21 . 2011-07-24 18:03 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-03-04 05:38 . 2012-03-04 05:38 0 ----a-w- c:\windows\invcol.tmp
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OknixlegRaxp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-04-06 04:33 116648 ----atw- c:\documents and settings\Liz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-09 14:23 13537280 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2008-06-09 14:23 90112 ------w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-06-09 14:23 1630208 ------w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 18:22 405504 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 19:59 254696 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGIDSAgent"=2 (0x2)
"avgwd"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 11:31 PM 253600]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys --> c:\windows\system32\DRIVERS\AQFileRestore.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2011 7:26 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2011 7:26 PM 136176]
S4 QKV;QKV;c:\docume~1\Liz\LOCALS~1\Temp\QKV.exe --> c:\docume~1\Liz\LOCALS~1\Temp\QKV.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uiusys
rksample
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:44]
.
2012-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-19 02:26]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-19 02:26]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-602609370-725345543-1003Core.job
- c:\documents and settings\Liz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-06 04:33]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-602609370-725345543-1003UA.job
- c:\documents and settings\Liz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-06 04:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-dplaysvr - c:\documents and settings\Liz\Application Data\dplaysvr.exe
SafeBoot-25684811.sys
SafeBoot-73390533.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 20:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-12 20:27:55
ComboFix-quarantined-files.txt 2012-04-13 03:27
.
Pre-Run: 40,255,479,808 bytes free
Post-Run: 40,364,171,264 bytes free
.
- - End Of File - - 9DA19C41A2B9BFE0B6143DCF49FF51A8
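
The check I would run over a ComboFix log like the one above, added here as an example rather than code from ComboFix or from anyone in this thread: it parses the SecurityProviders value, the names ComboFix prints under "Svchost - NetSvcs", and the S#/R# service lines from an excerpt of the posted log (embedded as a constructed sample), then flags for review anything that departs from a known-good baseline. The Windows XP SecurityProviders baseline and the "unusual directory" list are my assumptions, and the `[?]` stamp is read as ComboFix having been unable to examine the image file. Flagged does not mean malicious; it means the entry needs to be explained.

```python
import re

# Stock SecurityProviders value on Windows XP (assumption: a default SP3
# install; compare against a clean machine of the same build to be sure).
XP_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# Directories from which a service image is rarely legitimate (assumption).
UNUSUAL_SERVICE_DIRS = ("\\temp\\", "\\application data\\")

# Constructed sample: an excerpt of the ComboFix log posted in this thread,
# trimmed to the lines the checks below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OknixlegRaxp.dll
.
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2011 7:26 PM 136176]
S4 QKV;QKV;c:\docume~1\Liz\LOCALS~1\Temp\QKV.exe --> c:\docume~1\Liz\LOCALS~1\Temp\QKV.exe [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uiusys
rksample
.
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$", re.M)
STAMP_RE = re.compile(r"\s\[([^\]]*)\]$")


def parse_security_providers(log):
    """DLLs listed on the SecurityProviders line, in registry order."""
    m = re.search(r"^SecurityProviders\s+(.*)$", log, re.M)
    if not m:
        return []
    return [p.strip() for p in m.group(1).split(",") if p.strip()]


def parse_netsvcs(log):
    """Names ComboFix prints under the 'Svchost - NetSvcs' header.

    ComboFix lists only non-default netsvcs entries there, one per line,
    and ends the block with a lone '.'.
    """
    names, collecting = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.endswith("Svchost - NetSvcs"):
            collecting = True
        elif collecting:
            if line in ("", "."):
                break
            names.append(line)
    return names


def parse_services(log):
    """(state, name, image_path, stamp) for every S#/R# service line.

    stamp is the bracketed date/size ComboFix appends; it is '?' when the
    image file could not be examined (assumption about ComboFix output).
    """
    services = []
    for state, name, _display, rest in SERVICE_RE.findall(log):
        stamp = ""
        m = STAMP_RE.search(rest)
        if m:
            stamp, rest = m.group(1), rest[:m.start()]
        # "registered path --> resolved path": keep the path as registered.
        path = rest.split(" --> ")[0]
        services.append((state, name, path, stamp))
    return services


def audit(log, baseline=XP_SECURITY_PROVIDERS):
    """Return (category, detail) pairs that need an explanation."""
    findings = []
    # Every DLL here is loaded by the security subsystem (LSA) at boot, so
    # anything beyond the stock set must be accounted for.
    for dll in parse_security_providers(log):
        if dll.lower() not in baseline:
            findings.append(("SecurityProviders", dll))
    # Everything in this block is non-default by ComboFix's own rule.
    for name in parse_netsvcs(log):
        findings.append(("NetSvcs", name))
    # Services whose image is missing or lives in a user-writable temp dir.
    for _state, name, path, stamp in parse_services(log):
        low = path.lower()
        if stamp == "?" or any(d in low for d in UNUSUAL_SERVICE_DIRS):
            findings.append(("Service", f"{name} -> {path} [{stamp}]"))
    return findings


if __name__ == "__main__":
    for category, detail in audit(SAMPLE_LOG):
        print(f"{category:18} {detail}")
```

Run against the sample, the script reports the extra SecurityProviders DLL, both NetSvcs names, and the two services with a `[?]` stamp (one of them also under a Temp directory); the .NET and Google Update services pass. Feeding it a full ComboFix log works the same way, since each parser keys off ComboFix's own headers and line shapes rather than on line positions.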

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:49 PM

Posted 12 April 2012 - 10:36 PM

how are things running now?


gringo

#14 isabella_750

isabella_750
  • Topic Starter

  • Members
  • 33 posts
  • Local time:05:49 PM

Posted 12 April 2012 - 10:57 PM

Gringo,

So IE / Google doesn't seem to be redirecting, and appears to be responding faster. However, something weird (and new) is no matter what web site I go to I am getting a security window pop up. "You are about to view pages over a secure connection. Any information you exchange with this site cannot be viewed by anyone else on the web." Even for sites that are not security needed / focused. Could this be indicative of there still being an issue? Also, how can we verify that the Rootkit is removed? In the past I have gotten the laptop to where it seems to be fine for a few days, and then it will start redirecting again.

Thank you again for ALL your help!!!

Liz

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:49 PM

Posted 12 April 2012 - 11:00 PM

Hello


double post

gringo

Edited by gringo_pr, 12 April 2012 - 11:05 PM.




