
FBI CYBERCRIME Used hitman-now what


  • This topic is locked
37 replies to this topic

#1 chassc

chassc

  • Members
  • 22 posts
  • OFFLINE

Posted 22 April 2013 - 12:01 AM

Mod Edit: moved to more helpful forum for this.


What a way to spend a Sunday. PC running Windows XP Pro infected with FBI Cybercrime (SKYPE). Immediately after the FBI screen popped up I unplugged the internet connection and manually cut the PC off. Restarted the PC, got the login screen, logged in, got a white screen with an hourglass (not spinning); started Task Manager, clicked on Processes, back to the white screen. Tried Safe Mode with Networking: starts up, flashes some message too quick for me to read, closes and tries to restart in Normal mode; Safe Mode says the password is invalid.
Used another computer to get to BleepingComputer; found the Removal Guide for FBI Cybercrime; followed the instructions and built a Hitman boot USB device; plugged it into the PC, started, selected the One Time Only option.
Hitman ran and found SKYPE.dat (marked as "Suspicious" with a default option of "Quarantine"); when HM finished, I changed the option to Delete and hit "NEXT", and got a screen asking for an activation number, with no way out but to cancel. Tried the Quarantine option; it still wanted an activation number. Cancelled and turned the PC off.
 
Unplugged the internet connection and started in Normal mode; got the login screen, entered the password, got my background screen with a cursor and hourglass (the hourglass goes away, the cursor remains), but no icons. Started Task Manager and CPU use mostly sits at 99% for System Idle Process; some processes run intermittently (MsMpEng.exe, some AVG processes, jqs.exe) but at 2-17%; after 10 minutes, still no desktop icons, so I shut down. Started in Safe Mode with Networking: starts, closes, tries to restart in Normal mode; started in Safe Mode but it says the password is invalid.
 
Should I try the Hitman USB start again? If not, what do I try next?
 
Thanks

Edited by boopme, 22 April 2013 - 01:10 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico

Posted 22 April 2013 - 10:22 PM


Hello

Let's see if we can get this to run
  • Download OTLPE from either location and save it to your desktop:

    http://oldtimer.geekstogo.com/OTLPEStd.exe
    http://ottools.noahdfear.net/OTLPEStd.exe
  • Double click the OTLPENet icon on your desktop
  • "Do you want to burn the CD?" choose Yes
  • ImgBurn will automatically extract and load the OTLPE Iso to be burned to CD
  • Place a blank CD in your CD-Rom
  • Click the burn button to start the burn process
  • You will see a dialog "Operation successfully completed"
  • Boot the non-working computer using the boot CD you just created
  • In order to do so, the computer must be set to boot from the CD first

    Note: For information, click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press "OK"
  • OTL should now start.
  • Push the Run Scan button
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your next reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico

Posted 25 April 2013 - 12:39 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#4 chassc

chassc
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE

Posted 26 April 2013 - 08:15 AM

Not sure of the protocol for posting the log, so I pasted it and attached it.

Thanks for the help.

 

OTL logfile created on: 4/26/2013 6:10:48 AM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 157.02 Gb Free Space | 52.68% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (RoxLiveShare9)
SRV - [2013/04/14 12:17:09 | 000,968,880 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/04/02 13:15:56 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/16 11:32:32 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/16 13:17:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/08 18:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/11/09 14:07:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/17 11:52:08 | 000,098,304 | ---- | M] (WDC) [Auto] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/05/21 22:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 22:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/04/19 06:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2001/10/09 11:20:54 | 000,032,256 | ---- | M] (ProdEx Technologies) [Auto] -- C:\WINDOWS\system32\slpservice.exe -- (SLPMONX)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (mferkdk)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/04/14 12:17:10 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/04/14 07:19:05 | 000,055,448 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2013/04/14 07:19:02 | 000,317,112 | ---- | M] () [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys -- (RapportCerberus_51755)
DRV - [2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/04/02 13:16:10 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/04/02 13:16:10 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/04/02 13:16:08 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/12/10 03:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/08 03:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/03/28 09:38:26 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/29 21:34:52 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2008/08/31 22:42:18 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/08/31 22:24:24 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/05/23 17:54:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/03/06 12:51:14 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2002/04/11 14:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midlandstech.edu/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\gazdar_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\gazdar_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\gazdar_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\gazdar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\gazdar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\irmadmin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\irmadmin_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\irmadmin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\irmadmin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\irmadmin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\parkerc_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\parkerc_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\parkerc_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midlandstech.edu/
IE - HKU\parkerc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@dimdim.com/DimdimPlugin: C:\Program Files\Dimdim\Plugin\Application\npDimDimControl.dll (Dimdim, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\parkerc\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/04/20 18:23:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/29 18:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/04/14 12:17:33 | 000,000,000 | ---D | M]
 
[2011/06/16 07:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/09/21 13:06:58 | 000,437,605 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15053 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\parkerc_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\parkerc_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [POINTER]  File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\parkerc_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Administrator_ON_C..\RunOnce: [AVG search provider] C:\Program Files\AVG\AVG10\SearchProvider.exe ()
O4 - HKU\Administrator_ON_C..\RunOnce: [spchecker]  File not found
O4 - HKU\irmadmin_ON_C..\RunOnce: [AVG search provider] C:\Program Files\AVG\AVG10\SearchProvider.exe ()
O4 - HKU\irmadmin_ON_C..\RunOnce: [spchecker]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printscreen 2000.lnk = C:\Ps2000\Prt9532.exe (Super Simple Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
F3 - HKU\.DEFAULT WinNT: Load - (slpmonx.exe) - C:\WINDOWS\System32\slpmonx.exe (Seiko Instruments USA, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\gazdar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\irmadmin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\parkerc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {DC811A54-8FE7-4653-9DB6-49CEABCE705A} https://ftps.nslc.org/COM/MOVEitUploadWizard5.1.0.ocx (MOVEitUpDownWiz Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mtc.midlandstech.edu
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\parkerc_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\parkerc_ON_C Winlogon: Shell - (C:\Documents and Settings\parkerc\Application Data\skype.dat) - C:\Documents and Settings\parkerc\Application Data\skype.dat ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/21 20:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/04/20 18:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/04/15 18:24:23 | 000,000,000 | ---D | C] -- C:\2011 taxes
[2013/04/15 15:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2013/04/15 15:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\parkerc\My Documents\My eBooks
[2013/04/15 15:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\parkerc\Application Data\InterTrust
[2013/04/15 15:52:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/04/15 12:56:27 | 000,000,000 | ---D | C] -- C:\00 00 TAXES 2012
[2013/04/15 12:41:51 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2013/04/15 12:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2013/04/14 15:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/04/14 15:35:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache
[2013/04/14 15:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\parkerc\Local Settings\Application Data\AVG Secure Search
[2013/04/14 12:17:25 | 000,033,112 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/04/13 13:19:43 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/04/13 13:16:09 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/04/13 13:16:08 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/04/13 13:13:20 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/04/04 23:53:00 | 000,000,000 | ---D | C] -- C:\GRADUATES
[2013/04/02 13:16:10 | 000,102,008 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2013/03/29 00:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\parkerc\My Documents\BlackBerry
[2010/06/02 12:15:01 | 000,262,144 | ---- | C] (IBM Corporation) -- C:\Documents and Settings\parkerc\wIntJavaJNI.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/26 05:00:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/26 04:58:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/26 04:57:41 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/22 01:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/04/22 00:42:34 | 000,499,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/22 00:42:34 | 000,093,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/22 00:40:57 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[2013/04/22 00:40:57 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Signature Update.job
[2013/04/22 00:40:57 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/04/22 00:35:40 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\parkerc\Application Data\skype.ini
[2013/04/22 00:34:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/22 00:34:46 | 000,189,194 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/04/22 00:34:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/21 21:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Rapport
[2013/04/21 20:19:39 | 118,057,770 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/04/20 18:23:36 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2013/04/20 18:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/04/19 01:56:18 | 000,000,181 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2013/04/15 18:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\next.job
[2013/04/15 16:12:03 | 000,002,023 | ---- | M] () -- C:\Documents and Settings\parkerc\Desktop\5800 printer assistant.lnk
[2013/04/15 15:55:04 | 000,140,323 | ---- | M] () -- C:\WINDOWS\hpdj5600.his
[2013/04/15 15:55:04 | 000,005,224 | ---- | M] () -- C:\WINDOWS\hpdj5600.ini
[2013/04/15 15:52:29 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader 5.0.lnk
[2013/04/15 15:52:29 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2013/04/15 15:51:11 | 000,000,414 | ---- | M] () -- C:\WINDOWS\hpbvspst.ini
[2013/04/15 15:51:09 | 000,002,886 | ---- | M] () -- C:\WINDOWS\hpbvspst.his
[2013/04/15 13:47:49 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\parkerc\Desktop\Excel.lnk
[2013/04/15 12:45:15 | 000,002,371 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 9.lnk
[2013/04/15 12:44:23 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2013/04/15 12:41:09 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/04/15 12:41:09 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/04/15 12:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2013/04/15 12:41:08 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/04/15 11:04:26 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/15 11:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/14 15:41:59 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/04/14 15:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/04/14 15:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/04/14 12:17:10 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/04/14 07:16:12 | 000,463,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/13 17:54:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/13 17:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/04/13 17:20:54 | 000,260,759 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/04/13 13:33:58 | 000,026,900 | ---- | M] () -- C:\Documents and Settings\parkerc\Local Settings\Application Data\dt.dat
[2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2013/04/05 04:32:55 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\parkerc\Desktop\Word.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/02 13:16:10 | 000,102,008 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2013/04/02 06:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/03/31 08:29:04 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\parkerc\.recently-used.xbel
[2013/03/29 00:16:20 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\parkerc\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/20 18:30:32 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\parkerc\Application Data\skype.ini
[2013/04/15 15:52:29 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader 5.0.lnk
[2013/04/15 15:52:29 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2013/04/15 15:51:18 | 000,140,323 | ---- | C] () -- C:\WINDOWS\hpdj5600.his
[2013/04/15 15:51:18 | 000,005,224 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2013/04/15 15:50:46 | 000,002,886 | ---- | C] () -- C:\WINDOWS\hpbvspst.his
[2013/04/15 15:50:46 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2013/04/15 11:04:26 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/13 13:33:58 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\parkerc\Local Settings\Application Data\dt.dat
[2013/03/31 08:29:04 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\parkerc\.recently-used.xbel
[2013/03/29 00:32:02 | 000,014,014 | ---- | C] () -- C:\Documents and Settings\parkerc\My Documents\blackberry_desktop_software_26
[2012/03/01 20:03:36 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/02/15 05:13:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 08:55:58 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\openssl.exe
[2011/08/29 17:59:05 | 000,207,578 | ---- | C] () -- C:\WINDOWS\hpwins28.dat.temp
[2011/08/29 17:59:05 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat.temp
[2011/08/29 17:46:42 | 000,206,576 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2011/08/29 17:46:42 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2011/06/16 07:59:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/21 05:40:15 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\parkerc\USB002
[2010/08/25 08:19:01 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/02/16 11:46:57 | 000,000,106 | ---- | C] () -- C:\WINDOWS\prt9532.ini
[2010/01/11 18:49:12 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\parkerc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/09 18:06:47 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\parkerc\ssnprefs.xml
[2009/11/09 16:50:16 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\parkerc\Local Settings\Application Data\fusioncache.dat
[2009/11/09 16:09:08 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2009/11/09 13:36:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/11/09 10:34:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SlpApi42.dll
[2009/11/09 10:34:24 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\Slpmnrun.exe
[2009/11/05 15:05:37 | 000,385,072 | ---- | C] () -- C:\WINDOWS\System32\HPRrm.dll
[2009/11/05 15:05:26 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/11/05 15:05:26 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/11/05 12:52:56 | 000,011,984 | ---- | C] () -- C:\WINDOWS\hpdj5800.ini
[2009/11/05 12:23:44 | 000,000,181 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/11/03 10:15:12 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/30 15:25:18 | 000,000,752 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/30 15:02:51 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/03/18 16:35:37 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/03/18 16:35:37 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/03/18 16:35:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/03/18 16:35:00 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/03/18 14:59:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/18 14:47:24 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 12:16:22 | 000,499,568 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 12:16:22 | 000,093,382 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 12:16:20 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\parkerc\Application Data\skype.dat
[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 05:22:39 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 05:21:52 | 000,463,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/19 06:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 06:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2003/06/17 18:20:28 | 000,005,358 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/06/17 18:13:16 | 000,000,332 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2000/07/31 05:47:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHealr.dll
 
========== LOP Check ==========
 
[2009/03/18 14:44:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Windows Desktop Search
[2009/03/18 14:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/03/30 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/01/12 11:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gazdar\Application Data\AVG2012
[2011/11/23 08:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gazdar\Application Data\dimdim
[2011/11/23 08:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gazdar\Application Data\Skinux
[2011/04/21 07:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gazdar\Application Data\Trusteer
[2009/03/18 14:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gazdar\Application Data\Windows Desktop Search
[2010/12/28 14:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\irmadmin\Application Data\dimdim
[2009/03/18 14:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\irmadmin\Application Data\Windows Desktop Search
[2012/01/12 11:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\AVG Secure Search
[2012/01/12 11:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\AVG2012
[2011/02/15 17:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\Blackberry Desktop
[2012/03/01 20:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\Canneverbe Limited
[2010/05/18 09:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\dimdim
[2013/01/04 15:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\gtk-2.0
[2011/08/09 16:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\Helios
[2013/04/15 15:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\InterTrust
[2010/09/29 10:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\Research In Motion
[2011/02/08 18:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\SAS
[2011/09/29 19:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\Skinux
[2011/04/02 14:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\Trusteer
[2012/02/21 17:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\Western Digital
[2009/03/18 14:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\Windows Desktop Search
[2009/03/30 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\parkerc\Application Data\Windows Search
[2013/04/14 12:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/12 11:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/03/01 20:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/01/26 17:19:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/05/18 09:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dimdim
[2013/04/21 21:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/04/20 18:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/29 10:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/03/02 12:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAS
[2011/04/02 14:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2012/02/21 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2012/02/21 17:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/05/18 09:58:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC24C09C-7EEB-453C-869D-D0F805A32869}
[2013/04/22 00:40:57 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[2013/04/22 00:40:57 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2013/04/22 00:40:57 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Signature Update.job
[2013/04/15 18:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS\Tasks\next.job
[2013/04/22 01:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
< End of report >
 

Attached Files

  • Attached File  OTL.txt   92.58KB   0 downloads


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 PM

Posted 26 April 2013 - 09:29 AM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive

Copy and paste the report.txt for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
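A triage helper for the report.txt that the driver.sh step above writes, added here as an example and not part of this thread or of driver.sh itself. It assumes the layout of the report as posted in this thread (a timestamp, a "Driver report for" line, "has NO Company Name!" summary lines, then one md5/filename pair per driver with the vendor on the following line and a blank separator); the sample input is constructed in that layout.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One driver entry: "<md5>  <filename>" with the company name on the next line.
ENTRY_RE = re.compile(r"^([0-9a-f]{32})\s+(\S+)$")
# Summary lines driver.sh prints first for files whose CompanyName is missing.
SUMMARY_RE = re.compile(r"^[0-9a-f]{32}\s+\S+ has NO Company Name!$")
# A real CompanyName string is short printable text, not version-resource debris.
PRINTABLE_RE = re.compile(r"^[\x20-\x7e]+$")


@dataclass
class DriverEntry:
    md5: str
    filename: str
    company: Optional[str] = None   # None when the report had no company line
    flags: List[str] = field(default_factory=list)


def parse_report(text: str) -> List[DriverEntry]:
    """Split report.txt into one DriverEntry per hashed driver file."""
    entries: List[DriverEntry] = []
    current: Optional[DriverEntry] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if SUMMARY_RE.match(line):
            continue                        # header summary; the detail follows below
        m = ENTRY_RE.match(line)
        if m:
            current = DriverEntry(md5=m.group(1), filename=m.group(2))
            entries.append(current)
        elif line == "":
            current = None                  # blank line terminates an entry
        elif current is not None:
            if current.company is None:
                current.company = line
            else:                           # e.g. a vendor line printed twice
                current.flags.append("extra company line: %r" % line)
        # Anything else (timestamp, "Driver report for ...") is header text.
    return entries


def triage(entries: List[DriverEntry]) -> List[DriverEntry]:
    """Flag entries a reviewer should open by hand; returns only those."""
    for e in entries:
        if e.company is None:
            e.flags.append("no company name")
        elif (not PRINTABLE_RE.match(e.company)
              or "VS_VERSION_INFO" in e.company
              or len(e.company) > 60):
            e.flags.append("garbled version info, inspect the file directly")
    return [e for e in entries if e.flags]


def company_histogram(entries: List[DriverEntry]) -> Counter:
    """Drivers per vendor; a vendor seen once on the box deserves a second look."""
    return Counter(e.company if e.company is not None else "<none>" for e in entries)


def triage_report(text: str) -> Dict[str, List[str]]:
    """Convenience wrapper: filename -> review flags for everything worth a look."""
    return {e.filename: e.flags for e in triage(parse_report(text))}


# Constructed sample in the posted layout, with one entry of each kind the
# real report can contain: clean, missing company, garbled, vendor doubled.
SAMPLE_REPORT = """\
Sat Apr 27 05:08:32 UTC 2013
Driver report for /mnt/sda2/WINDOWS/system32/drivers
5d7be7b19e827125e016325334e58ff1 BANTExt.sys has NO Company Name!

6abb91494fe6c59089b9336452ab2ea3  ABP480N5.SYS
Microsoft Corporation

5d7be7b19e827125e016325334e58ff1  BANTExt.sys

d8cd6a2a94f545858eec6117f0d5dff4  dfmirage.sys
H`,,VS_VERSION_INFODD?"StringFileInfofB>CompanyNameDemoForge,LLC

766a148235be1c0039c974446e4c0edc  DLAIFS_M.SYS
Roxio
Roxio
"""

if __name__ == "__main__":
    for name, flags in triage_report(SAMPLE_REPORT).items():
        print(name, "->", "; ".join(flags))
    print(company_histogram(parse_report(SAMPLE_REPORT)))
```

Run it against the real report.txt by passing the file's contents to triage_report; entries with no flags are the ones that can be left alone at first pass.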

#6 chassc

chassc
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:02:47 PM

Posted 26 April 2013 - 04:12 PM

I downloaded the programs, started the infected computer from the USB, the 1st screen asked me to select a language, I did, something ran, then the Welcome Screen you described came up. I selected File and expanded mnt, but the only options that I had were sda1 and sda2; I expanded both and they are definitely the PC's HDDs.

What is my next step?

 

Thanks for your assistance.



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 PM

Posted 26 April 2013 - 04:54 PM

While booted into xPUD, remove the USB, put it back in, and then see if it gets detected.

#8 chassc

chassc
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:02:47 PM

Posted 27 April 2013 - 03:29 AM

Great. That worked. Here is the report-

Sat Apr 27 05:08:32 UTC 2013
Driver report for /mnt/sda2/WINDOWS/system32/drivers
5d7be7b19e827125e016325334e58ff1 BANTExt.sys has NO Company Name!
e57b778208c783d8debab320c16a1b82 StarOpen.sys has NO Company Name!

Microsoft Corporation

c941ea2454ba8350021d774daf0f1027  msfs.sys
Microsoft Corporation

0a02c63c8b144bd8c86b103dee7c86a2  msgpc.sys
Microsoft Corporation

d1575e71568f4d9e14ca56b7b0453bf1  MSKSSRV.sys
Microsoft Corporation

325bb26842fc7ccc1fcce2c457317f3e  MSPCLOCK.sys
Microsoft Corporation

bad59648ba099da4a17680b39730cb3d  MSPQM.sys
Microsoft Corporation

af5f4f3f14a8ea2c26de30f7a1e17136  mssmbios.sys
Microsoft Corporation

de6a75f5c270e756c5508d94b6cf68f5  mup.sys
Microsoft Corporation

1df7f42665c94b825322fae71721130d  ndis.sys
Microsoft Corporation

0109c4f3850dfbab279542515386ae22  ndistapi.sys
Microsoft Corporation

f927a4434c5028758a842943ef1a3849  ndisuio.sys
Microsoft Corporation

edc1531a49c80614b2cfda43ca8659ab  ndiswan.sys
Microsoft Corporation

9282bd12dfb069d3889eb3fcc1000a9b  ndproxy.sys
Microsoft Corporation

5d81cf9a2f1a3a756b66cf684911cdf0  netbios.sys
Microsoft Corporation

74b2b2f5bea5e9a3dc021d685551bd3d  netbt.sys
Microsoft Corporation

e9e47cfb2d461fa0fc75b7a74c6383ea  nic1394.sys
Microsoft Corporation

be984d604d91c217355cdd3737aad25d  nikedrv.sys
Diamond Multimedia Systems

1e421a6bcf2203cc61b821ada9de878b  nmnt.sys
Microsoft Corporation

3182d64ae053d6fb034f44b6def8034a  npfs.sys
Microsoft Corporation

78a08dd6a8d65e697c18e1db01c5cdca  ntfs.sys
Microsoft Corporation

73c1e1f395918bc2c6dd67af7591a3ad  null.sys
Microsoft Corporation

a1129753f45b79e29cb0766713087d4e  nv4_mini.sys
NVIDIA Corporation

b305f3fad35083837ef46a0bbce2fc57  nwlnkflt.sys
Microsoft Corporation

c99b3415198d1aab7227f2c88fd664b9  nwlnkfwd.sys
Microsoft Corporation

8b8b1be2dba4025da6786c645f77f123  nwlnkipx.sys
Microsoft Corporation

56d34a67c05e94e16377c60609741ff8  nwlnknb.sys
Microsoft Corporation

c0bb7d1615e1acbdc99757f6ceaf8cf0  nwlnkspx.sys
Microsoft Corporation

36b9b950e3d2e100970a48d8bad86740  nwrdr.sys
Microsoft Corporation

4bb30ddc53ebc76895e38694580cdfe9  oprghdlr.sys
Microsoft Corporation

c90018bafdc7098619a4a95b046b30f3  p3.sys
Microsoft Corporation

5575faf8f97ce5e713d108c2a58d7c7c  parport.sys
Microsoft Corporation

beb3ba25197665d82ec7065b724171c6  partmgr.sys
Microsoft Corporation

70e98b3fd8e963a6a46a2e6247e0bea1  parvdm.sys
Microsoft Corporation

ccf5f451bb1a5a2a522a76e670000ff0  pciide.sys
Microsoft Corporation

52e60f29221d0d1ac16737e8dbf7c3e9  pciidex.sys
Microsoft Corporation

a219903ccf74233761d92bef471a07b1  pci.sys
Microsoft Corporation

9e89ef60e9ee05e3f2eef2da7397f1c1  pcmcia.sys
Microsoft Corporation

f50f7c27f131afe7beba13e14a3b9416  perc2hib.sys
Microsoft Corporation

6c14b9c19ba84f73d3a86dba11133101  perc2.sys
Microsoft Corporation

e82a496c3961efc6828b508c310ce98f  portcls.sys
Microsoft Corporation

a32bebaf723557681bfc6bd93e98bd26  processr.sys
Microsoft Corporation

09298ec810b07e5d582cb3a3f9255424  psched.sys
Microsoft Corporation

80d317bd1c3dbc5d4fe7b1678c60cadd  ptilink.sys
 Parallel Technologies

49452bfcec22f36a7a9b9c2181bc3042  pxhelp20.sys
Sonic Solutions

0a63fb54039eb5662433caba3b26dba7  ql1080.sys
QLogic Corporation

6503449e1d43a0ff0201ad5cb1b8c706  ql10wnt.sys
Microsoft Corporation

156ed0ef20c15114ca097a34a30d8a01  ql12160.sys
QLogic Corporation

70f016bebde6d29e864c1230a07cc5e6  ql1240.sys
Microsoft Corporation

907f0aeea6bc451011611e732bd31fcf  ql1280.sys
QLogic Corporation

3e6c223d2372502cae5c93dc1d7b654e  RapportKELL.sys
StringFileInfob<CompanyNameTrusteerLtd.bProductNameRapport<nFileDescriptionRapportKE:rFileVersion...t(LegalCopyright©TrusteerLtd.Allrightsreserved.nInternalNameRapportKEHOriginalFilenameRapportKELL.sys(bCodeNameEmerald>rProductVersion...ZBuildFlavor...-standard-releaseBuildConfigDVarFileInfo$Translationt|

fe0d99d6f31e4fad8159f690d68ded9c  rasacd.sys
Microsoft Corporation

11b4a627bc9614b885c4969bfa5ff8a6  rasl2tp.sys
Microsoft Corporation

5bc962f2654137c9909c3d4603587dee  raspppoe.sys
Microsoft Corporation

efeec01b1d3cf84f16ddd24d9d9d8f99  raspptp.sys
Microsoft Corporation

fdbb1d60066fcfbb7452fd8f9829b242  raspti.sys
Microsoft Corporation

01524cd237223b18adbb48f70083f101  rawwan.sys
Microsoft Corporation

7ad224ad1a1437fe28d89cf22b17780a  rdbss.sys
Microsoft Corporation

4912d5b403614ce99c28420f75353332  rdpcdd.sys
Microsoft Corporation

15cabd0f7c00c47c70124907916af3f1  rdpdr.sys
Microsoft Corporation

43af5212bd8fb5ba6eed9754358bd8f7  rdpwd.sys
Microsoft Corporation

f828dd7e1419b6653894a8f97a0094c5  redbook.sys
Microsoft Corporation

3a5633ad615e2b15291bd0b1b97ccd8a  RimSerial.sys
Research in Motion

4f4a4c09cc5be58a76cac1c337e004e6  RimUsb.sys
tH`VS_VERSION_INFO?StringFileInfobVCompanyNameResearchInMotionLimitedZFileDescriptionBlackBerryDeviceDrivertFileVersion....aInternalNameRimUsbx*LegalCopyrightCopyrightResearchInMotionLimited(LegalTrademarks<nOriginalFilenameRimUsb.rcRProductNameBlackBerryDeviceDrivertProductVersion...DVarFileInfo$Translationt*

a56fe08ec7473e8580a390bb1081cdd7  rio8drv.sys
Diamond Multimedia Systems

0a854df84c77a0be205bfeab2ae4f0ec  riodrv.sys
Diamond Multimedia Systems

96f7a9a7bf0c9c0440a967440065d33c  rmcast.sys
Microsoft Corporation

601844cbcf617ff8c868130ca5b2039d  rndismp.sys
Microsoft Corporation

d8b0b4ade32574b2d9c5cc34dc0dbbe7  rootmdm.sys
Microsoft Corporation

76c465f570e90c28942d52ccb2580a10  scsiport.sys
Microsoft Corporation

8d04819a3ce51b9eb47e5689b44d43c4  sdbus.sys
Microsoft Corporation

90a3935d05b494a5a39d37e71f09a677  secdrv.sys
Macrovision Corporation

0f29512ccd6bead730039fb4bd2c85ce  serenum.sys
Microsoft Corporation

cca207a8896d4c6a0c9ce29a4ae411a7  serial.sys
Microsoft Corporation

b6401608579b6431994425ba7653f774  sfaudio.sys
tH`VS_VERSION_INFOtt?tdStringFileInfo@bVCommentsSonicFocusDSPdriverforADIBCompanyNameSonicFocus,IncfFileDescriptionSonicFocusDSPdriverforADItFileVersion...bInternalNamesfaudio.sysv)LegalCopyrightCopyright©-SonicFocusInc.(LegalTrademarks@bOriginalFilenamesfaudio.sysPrivateBuild^ProductNameSonicFocusDSPdriverforADItProductVersion...SpecialBuildDVarFileInfo$Translationt*

0fa803c64df0914b41f807ea276bf2a6  sffdisk.sys
Microsoft Corporation

d66d22d76878bf3483a6be30183fb648  sffp_mmc.sys
Microsoft Corporation

c17c331e435ed8737525c86a7557b3ac  sffp_sd.sys
Microsoft Corporation

8e6b8c671615d126fdc553d1e2de5562  sfloppy.sys
Microsoft Corporation

6b33d0ebd30db32e27d1d78fe946a754  SISAGP.SYS
Silicon Integrated Systems

017daecf0ed3aa731313433601ec40fa  smclib.sys
Microsoft Corporation

489703624dac94ed943c2abda022a1cd  sonydcam.sys
Microsoft Corporation

83c0f71f86d3bdaf915685f3d568b20e  sparrow.sys
Adaptec

ab8b92451ecb048a4d1de7c3ffcb4a9f  splitter.sys
Microsoft Corporation

76bb022c2fb6902fd5bdd4f78fc13a5d  sr.sys
Microsoft Corporation

47ddfc2f003f7f9f0592c6874962a2e7  srv.sys
Microsoft Corporation

e57b778208c783d8debab320c16a1b82  StarOpen.sys

3e5d89099ded9e86e5639f411693218f  stream.sys
Microsoft Corporation

3941d127aef12e93addf6fe6ee027e0f  swenum.sys
Microsoft Corporation

8ce882bcc6cf8a62f2b2323d95cb3d01  swmidi.sys
Microsoft Corporation

1ff3217614018630d0a6758630fc698c  symc810.sys
Symbios Logic

070e001d95cf725186ef8b20335f933c  symc8xx.sys
LSI Logic

80ac1c4abbe2df3b738bf15517a51f2c  sym_hi.sys
LSI Logic

bf4fab949a382a8e105f46ebb4937058  sym_u3.sys
LSI Logic

8b83f3ed0f1688b4958f77cd6d2bf290  sysaudio.sys
Microsoft Corporation

fd6093e3decd925f1cffc8a0dd539d72  tape.sys
Microsoft Corporation

4e53bbcc4be37d7a4bd6ef1098c89ff7  tcpip6.sys
Microsoft Corporation

9aefa14bd6b182d61e3119fa5f436d3d  tcpip.sys
Microsoft Corporation

0539d5e53587f82d1b4fd74c5be205cf  tdi.sys
Microsoft Corporation

6471a66807f5e104e4885f5b67349397  tdpipe.sys
Microsoft Corporation

c56b6d0402371cf3700eb322ef3aaf61  tdtcp.sys
Microsoft Corporation

88155247177638048422893737429d9e  termdd.sys
Microsoft Corporation

699450901c5ccfd82357cbc531cedd23  tosdvd.sys
Microsoft Corporation

f2790f6af01321b172aa62f8e1e187d9  toside.sys
Microsoft Corporation

d74a8ec75305f1d3cfde7c7fc1bd62a9  tsbvcap.sys
Toshiba Corporation

8f861eda21c05857eb8197300a92501c  tunmp.sys
Microsoft Corporation

5787b80c2e3c5e2f56c2a233d91fa2c9  udfs.sys
Microsoft Corporation

1b698a51cd528d8da4ffaed66dfc51b9  ultra.sys
Promise Technology
Promise Technology
Promise Technology
Promise Technology
Promise Technology

402ddc88356b1bac0ee3dd1580c76a31  update.sys
Microsoft Corporation

2a7a8ad9d39a2faf9d9293b5daff3a4b  usb8023.sys
Microsoft Corporation

ce97845d2e3f0d274b8bac1ed07c6149  usbcamd2.sys
Microsoft Corporation

1c1a47b40c23358245aa8d0443b6935e  usbcamd.sys
Microsoft Corporation

173f317ce0db8e21322e71b7e60a27e8  usbccgp.sys
Microsoft Corporation

596eb39b50d6ebd9b734dc4ae0544693  usbd.sys
Microsoft Corporation

65dcf09d0e37d4c6b11b5b0b76d470a7  usbehci.sys
Microsoft Corporation

1ab3cdde553b6e064d2e754efe20285c  usbhub.sys
Microsoft Corporation

290913dc4f1125e5a82de52579a44c43  usbintel.sys
Microsoft Corporation

791912e524cc2cc6f50b5f2b52d1eb71  usbport.sys
Microsoft Corporation

a717c8721046828520c9edf31288fc00  usbprint.sys
Microsoft Corporation

a0b8cf9deb1184fbdd20784a58fa75d4  usbscan.sys
Microsoft Corporation

a32426d9b14a089eaa1d922e0c5801a9  USBSTOR.SYS
Microsoft Corporation

26496f9dee2d787fc3e61ad54821ffe6  usbuhci.sys
Microsoft Corporation

55e01061c74a8cefff58dc36114a8d3f  vdmindvd.sys
Ravisent Technologies

0d3a8fafceacd8b7625cd549757a7df1  vga.sys
Microsoft Corporation

754292ce5848b3738281b4f3607eaef4  VIAAGP.SYS
Microsoft Corporation

3b3efcda263b8ac14fdf9cbdd0791b2e  viaide.sys
Microsoft Corporation

e28726b72c46821a28830e077d39a55b  videoprt.sys
Microsoft Corporation

4c8fcb5cc53aab716d810740fe59d025  volsnap.sys
Microsoft Corporation

e20b95baedb550f32dd489265c1da1f6  wanarp.sys
Microsoft Corporation

d6efaf429fd30c5df613d220e344cce7  wdcsam.sys
tH'$$VS_VERSION_INFOaStringFileInfo`bZCompanyNameWesternDigitalTechnologiesz+LegalCopyright©-WesternDigitalTechnologiesx(FileDescriptionWDSCSIArchitectureModel(SAM)drivervFileVersion,,,vInternalNameSAMdriver>vOriginalFilenamewdcsam.sysHProductNameWDExternalStorageDVarFileInfo$Translationt*

d918617b46457b9ac28027722e30f647  wdf01000.sys
Microsoft Corporation

399c974dda25fd3e59f22bab787f662b  wdfldr.sys
Microsoft Corporation

6768acf64b18196494413695f0c3a00f  wdmaud.sys
Microsoft Corporation

c1c748875ddcf61999d2e4ae8352bba4  windrvr.sys
tHLVS_VERSION_INFO?taBStringFileInfoB,CompanyNameJungobFileDescriptionWinDriverDeviceDriver.*FileVersion.bInternalNamewindrvr.sysRLegalCopyrightCopyrightJungo@bOriginalFilenamewindrvr.sysPProductNameWinDriverDeviceDriver.ProductVersion.DVarFileInfo$Translationt

c42584fd66ce9e17403aebca199f7bdb  wmiacpi.sys
Microsoft Corporation

2f31b7f954bed437f2c75026c65caf7b  wmilib.sys
Microsoft Corporation

cf4def1bf66f06964dc0d91844239104  wpdusb.sys
Microsoft Corporation

6abe6e225adb5a751622a9cc3bc19ce8  ws2ifsl.sys
Microsoft Corporation

f15feafffbb3644ccc80c5da584e6311  WudfPf.sys
Microsoft Corporation

28b524262bce6de1f7ef9f510ba3985b  WudfRd.sys
Microsoft Corporation
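The listing above is a flat dump of md5, file name and publisher for every driver on the disk, and a responder's first pass over it is to separate the entries whose publisher field came back empty, or came back as a raw version resource the tool could not decode, from the ones that name a vendor. The script below is an added example, not part of xPUD, rst.sh or any other tool used in this thread; it parses a constructed excerpt of the listing above (the hashes are the ones posted, one raw version-resource line is shortened) and tags each entry. A REVIEW tag means only that the entry deserves a closer look against a known-good copy of the driver, not that the file is malicious.

```shell
#!/bin/sh
# Added example, not part of the page's tools: first-pass triage of a driver
# listing in the format posted above (md5 and file name, then a publisher line,
# then a blank line). Entries with no publisher, or where the tool dumped a raw
# VS_VERSION_INFO resource instead of a company name, are tagged REVIEW so a
# responder checks those hashes first; the rest are tagged OK with their publisher.
# A tag says only that the entry needs a look, not that the file is bad.

# Constructed excerpt of the listing above (hashes as posted; one raw
# version-resource line shortened).
SAMPLE='3e5d89099ded9e86e5639f411693218f  stream.sys
Microsoft Corporation

e57b778208c783d8debab320c16a1b82  StarOpen.sys

c1c748875ddcf61999d2e4ae8352bba4  windrvr.sys
tHLVS_VERSION_INFO?taBStringFileInfoB,CompanyNameJungobFileDescriptionWinDriverDeviceDriver

4470e3c1e0c3378e4cab137893c12c3a  mbam.sys
Malwarebytes Corporation
'

# Read a listing on stdin, write one tab-separated line per file:
#   TAG <tab> file <tab> md5 <tab> publisher-or-reason
triage_listing() {
  awk '
    function emit() {
      if (md5 == "") return
      if (pub == "")
        printf "REVIEW\t%s\t%s\tno-publisher\n", file, md5
      else if (pub ~ /VS_VERSION_INFO|StringFileInfo/)
        printf "REVIEW\t%s\t%s\traw-version-resource\n", file, md5
      else
        printf "OK\t%s\t%s\t%s\n", file, md5, pub
      md5 = ""; file = ""; pub = ""
    }
    # a 32-hex-digit md5 followed by the file name starts a new record
    /^[0-9a-f]+  / && length($1) == 32 { emit(); md5 = $1; file = $2; next }
    /^[ \t]*$/ { emit(); next }                # blank line closes the record
    md5 != "" && pub == "" { pub = $0 }        # first non-blank line is the publisher
    END { emit() }
  '
}

# Count how many entries need review; a one-number summary of a long listing.
review_count() {
  triage_listing | grep -c '^REVIEW'
}

# Stand-alone use:  sh triage.sh listing.txt   (or with no argument: run on SAMPLE)
if [ $# -ge 1 ]; then
  triage_listing < "$1"
else
  printf '%s' "$SAMPLE" | triage_listing
fi
```

On the constructed excerpt this tags StarOpen.sys (no publisher line at all) and windrvr.sys (undecoded version resource) for review and passes the two vendor-named entries; run over the full listing above it would also pick out the RapportKELL, RimUsb, sfaudio and wdcsam entries, whose publisher lines are raw resources. The next step for each REVIEW entry is to compare its md5 with the same driver from a clean install or the vendor's package, which this script deliberately does not try to automate.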



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 April 2013 - 03:48 AM

Download http://noahdfear.net/downloads/rst.sh to the USB drive
  • Boot the Sick computer with the USB drive again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named enum.log
  • Plug that USB back into the clean computer and open it
Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download the download will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too so you can send the logs that way.

Please also note - all text entries are case sensitive

Copy and paste the enum.log for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 chassc

chassc
  • Topic Starter

  • Members
  • 22 posts

Posted 27 April 2013 - 11:12 AM

enum.log results

50.0M Apr 26 10:16 /mnt/sda2/WINDOWS/system32/config/software
7.5M Apr 26 09:00 /mnt/sda2/WINDOWS/system32/config/system

49.0M Mar 30 23:05 /sda2/~/RP1081/~SOFTWARE
49.0M Mar 31 23:54 /sda2/~/RP1082/~SOFTWARE
49.0M Apr  4 03:06 /sda2/~/RP1083/~SOFTWARE
49.0M Apr  5 03:34 /sda2/~/RP1084/~SOFTWARE
49.0M Apr  8 03:43 /sda2/~/RP1085/~SOFTWARE
49.0M Apr  9 04:38 /sda2/~/RP1086/~SOFTWARE
49.0M Apr 13 16:19 /sda2/~/RP1087/~SOFTWARE
49.2M Apr 13 17:39 /sda2/~/RP1088/~SOFTWARE
49.2M Apr 13 21:26 /sda2/~/RP1089/~SOFTWARE
49.5M Apr 14 11:17 /sda2/~/RP1090/~SOFTWARE
49.6M Apr 14 11:22 /sda2/~/RP1091/~SOFTWARE
49.6M Apr 14 23:23 /sda2/~/RP1092/~SOFTWARE
49.6M Apr 15 11:22 /sda2/~/RP1093/~SOFTWARE
49.6M Apr 15 15:02 /sda2/~/RP1094/~SOFTWARE
49.6M Apr 15 16:15 /sda2/~/RP1095/~SOFTWARE
49.6M Apr 19 04:49 /sda2/~/RP1097/~SOFTWARE
49.7M Apr 20 22:20 /sda2/~/RP1098/~SOFTWARE
49.8M Apr 22 00:22 /sda2/~/RP1099/~SOFTWARE
49.8M Apr 22 01:11 /sda2/~/RP1100/~SOFTWARE
49.0M Mar  7 04:19 /sda2/~/RP1060/~SOFTWARE
49.0M Mar  8 04:57 /sda2/~/RP1061/~SOFTWARE
49.0M Mar  9 18:19 /sda2/~/RP1062/~SOFTWARE
49.0M Mar 10 21:22 /sda2/~/RP1063/~SOFTWARE
49.0M Mar 11 22:21 /sda2/~/RP1064/~SOFTWARE
49.0M Mar 12 22:54 /sda2/~/RP1065/~SOFTWARE
49.0M Mar 13 23:54 /sda2/~/RP1066/~SOFTWARE
49.0M Mar 15 00:54 /sda2/~/RP1067/~SOFTWARE
49.0M Mar 16 01:17 /sda2/~/RP1068/~SOFTWARE
49.0M Mar 17 01:33 /sda2/~/RP1069/~SOFTWARE
49.0M Mar 18 02:16 /sda2/~/RP1070/~SOFTWARE
49.0M Mar 19 02:47 /sda2/~/RP1071/~SOFTWARE
49.0M Mar 20 03:15 /sda2/~/RP1072/~SOFTWARE
49.0M Mar 21 03:46 /sda2/~/RP1073/~SOFTWARE
49.0M Mar 22 04:46 /sda2/~/RP1074/~SOFTWARE
49.0M Mar 23 05:46 /sda2/~/RP1075/~SOFTWARE
49.0M Mar 24 16:17 /sda2/~/RP1076/~SOFTWARE
49.0M Mar 26 06:10 /sda2/~/RP1077/~SOFTWARE
49.0M Mar 27 06:18 /sda2/~/RP1078/~SOFTWARE
49.0M Mar 28 06:33 /sda2/~/RP1079/~SOFTWARE
49.0M Jan 22 04:01 /sda2/~/RP1020/~SOFTWARE
49.0M Jan 24 06:59 /sda2/~/RP1021/~SOFTWARE
49.0M Jan 25 07:17 /sda2/~/RP1022/~SOFTWARE
49.0M Jan 26 08:17 /sda2/~/RP1023/~SOFTWARE
49.0M Jan 27 09:17 /sda2/~/RP1024/~SOFTWARE
49.0M Jan 28 10:18 /sda2/~/RP1025/~SOFTWARE
49.0M Jan 30 05:37 /sda2/~/RP1026/~SOFTWARE
49.0M Jan 31 06:21 /sda2/~/RP1027/~SOFTWARE
49.0M Feb  1 06:23 /sda2/~/RP1028/~SOFTWARE
49.0M Feb  2 07:23 /sda2/~/RP1029/~SOFTWARE
49.0M Feb  3 09:09 /sda2/~/RP1030/~SOFTWARE
49.0M Feb  4 09:23 /sda2/~/RP1031/~SOFTWARE
49.0M Feb  5 12:09 /sda2/~/RP1032/~SOFTWARE
49.0M Feb  8 02:03 /sda2/~/RP1034/~SOFTWARE
49.0M Feb  9 02:44 /sda2/~/RP1035/~SOFTWARE
49.0M Feb 10 03:44 /sda2/~/RP1036/~SOFTWARE
49.0M Feb 11 03:58 /sda2/~/RP1037/~SOFTWARE
49.0M Feb 12 04:44 /sda2/~/RP1038/~SOFTWARE
49.0M Feb 13 08:08 /sda2/~/RP1039/~SOFTWARE
49.0M Feb 14 08:42 /sda2/~/RP1040/~SOFTWARE
49.0M Feb 15 09:42 /sda2/~/RP1041/~SOFTWARE
49.0M Feb 16 10:42 /sda2/~/RP1042/~SOFTWARE
49.0M Feb 17 11:42 /sda2/~/RP1043/~SOFTWARE
49.0M Feb 17 07:49 /sda2/~/RP1044/~SOFTWARE
49.0M Feb 18 09:01 /sda2/~/RP1045/~SOFTWARE
49.0M Feb 19 09:06 /sda2/~/RP1046/~SOFTWARE
49.0M Feb 20 09:36 /sda2/~/RP1047/~SOFTWARE
49.0M Feb 21 10:36 /sda2/~/RP1048/~SOFTWARE
49.0M Feb 22 11:36 /sda2/~/RP1049/~SOFTWARE
49.0M Feb 23 12:36 /sda2/~/RP1050/~SOFTWARE
49.0M Feb 25 00:51 /sda2/~/RP1051/~SOFTWARE
49.0M Feb 26 01:23 /sda2/~/RP1052/~SOFTWARE
49.0M Feb 27 02:08 /sda2/~/RP1053/~SOFTWARE
49.0M Feb 28 05:01 /sda2/~/RP1054/~SOFTWARE
49.0M Mar  1 05:33 /sda2/~/RP1055/~SOFTWARE
49.0M Mar  2 06:33 /sda2/~/RP1056/~SOFTWARE
49.0M Mar  3 06:34 /sda2/~/RP1057/~SOFTWARE
49.0M Mar  4 07:14 /sda2/~/RP1058/~SOFTWARE
49.0M Feb  6 12:47 /sda2/~/RP1033/~SOFTWARE
49.0M Mar  6 04:02 /sda2/~/RP1059/~SOFTWARE
49.0M Mar 29 08:04 /sda2/~/RP1080/~SOFTWARE
6.9M Mar 30 23:05 /sda2/~/RP1081/~SYSTEM
6.9M Mar 31 23:54 /sda2/~/RP1082/~SYSTEM
6.9M Apr  4 03:06 /sda2/~/RP1083/~SYSTEM
6.9M Apr  5 03:34 /sda2/~/RP1084/~SYSTEM
6.9M Apr  8 03:43 /sda2/~/RP1085/~SYSTEM
6.9M Apr  9 04:38 /sda2/~/RP1086/~SYSTEM
6.9M Apr 13 16:19 /sda2/~/RP1087/~SYSTEM
7.2M Apr 13 17:39 /sda2/~/RP1088/~SYSTEM
7.2M Apr 13 21:26 /sda2/~/RP1089/~SYSTEM
7.2M Apr 14 11:17 /sda2/~/RP1090/~SYSTEM
7.2M Apr 14 11:22 /sda2/~/RP1091/~SYSTEM
7.4M Apr 14 23:23 /sda2/~/RP1092/~SYSTEM
7.4M Apr 15 11:22 /sda2/~/RP1093/~SYSTEM
7.4M Apr 15 15:02 /sda2/~/RP1094/~SYSTEM
7.4M Apr 15 16:15 /sda2/~/RP1095/~SYSTEM
7.4M Apr 19 04:49 /sda2/~/RP1097/~SYSTEM
7.4M Apr 20 22:20 /sda2/~/RP1098/~SYSTEM
7.4M Apr 22 00:22 /sda2/~/RP1099/~SYSTEM
7.4M Apr 22 01:11 /sda2/~/RP1100/~SYSTEM
6.9M Mar  7 04:19 /sda2/~/RP1060/~SYSTEM
6.9M Mar  8 04:57 /sda2/~/RP1061/~SYSTEM
6.9M Mar  9 18:19 /sda2/~/RP1062/~SYSTEM
6.9M Mar 10 21:22 /sda2/~/RP1063/~SYSTEM
6.9M Mar 11 22:21 /sda2/~/RP1064/~SYSTEM
6.9M Mar 12 22:54 /sda2/~/RP1065/~SYSTEM
6.9M Mar 13 23:54 /sda2/~/RP1066/~SYSTEM
6.9M Mar 15 00:54 /sda2/~/RP1067/~SYSTEM
6.9M Mar 16 01:17 /sda2/~/RP1068/~SYSTEM
6.9M Mar 17 01:33 /sda2/~/RP1069/~SYSTEM
6.9M Mar 18 02:16 /sda2/~/RP1070/~SYSTEM
6.9M Mar 19 02:47 /sda2/~/RP1071/~SYSTEM
6.9M Mar 20 03:15 /sda2/~/RP1072/~SYSTEM
6.9M Mar 21 03:46 /sda2/~/RP1073/~SYSTEM
6.9M Mar 22 04:46 /sda2/~/RP1074/~SYSTEM
6.9M Mar 23 05:46 /sda2/~/RP1075/~SYSTEM
6.9M Mar 24 16:17 /sda2/~/RP1076/~SYSTEM
6.9M Mar 26 06:10 /sda2/~/RP1077/~SYSTEM
6.9M Mar 27 06:18 /sda2/~/RP1078/~SYSTEM
6.9M Mar 28 06:33 /sda2/~/RP1079/~SYSTEM
6.9M Jan 22 04:01 /sda2/~/RP1020/~SYSTEM
6.9M Jan 24 06:59 /sda2/~/RP1021/~SYSTEM
6.9M Jan 25 07:17 /sda2/~/RP1022/~SYSTEM
6.9M Jan 26 08:17 /sda2/~/RP1023/~SYSTEM
6.9M Jan 27 09:17 /sda2/~/RP1024/~SYSTEM
6.9M Jan 28 10:18 /sda2/~/RP1025/~SYSTEM
6.9M Jan 30 05:37 /sda2/~/RP1026/~SYSTEM
6.9M Jan 31 06:21 /sda2/~/RP1027/~SYSTEM
6.9M Feb  1 06:23 /sda2/~/RP1028/~SYSTEM
6.9M Feb  2 07:23 /sda2/~/RP1029/~SYSTEM
6.9M Feb  3 09:09 /sda2/~/RP1030/~SYSTEM
6.9M Feb  4 09:23 /sda2/~/RP1031/~SYSTEM
6.9M Feb  5 12:09 /sda2/~/RP1032/~SYSTEM
6.9M Feb  8 02:03 /sda2/~/RP1034/~SYSTEM
6.9M Feb  9 02:44 /sda2/~/RP1035/~SYSTEM
6.9M Feb 10 03:44 /sda2/~/RP1036/~SYSTEM
6.9M Feb 11 03:58 /sda2/~/RP1037/~SYSTEM
6.9M Feb 12 04:44 /sda2/~/RP1038/~SYSTEM
6.9M Feb 13 08:08 /sda2/~/RP1039/~SYSTEM
6.9M Feb 14 08:42 /sda2/~/RP1040/~SYSTEM
6.9M Feb 15 09:42 /sda2/~/RP1041/~SYSTEM
6.9M Feb 16 10:42 /sda2/~/RP1042/~SYSTEM
6.9M Feb 17 11:42 /sda2/~/RP1043/~SYSTEM
6.9M Feb 17 07:49 /sda2/~/RP1044/~SYSTEM
6.9M Feb 18 09:01 /sda2/~/RP1045/~SYSTEM
6.9M Feb 19 09:06 /sda2/~/RP1046/~SYSTEM
6.9M Feb 20 09:36 /sda2/~/RP1047/~SYSTEM
6.9M Feb 21 10:36 /sda2/~/RP1048/~SYSTEM
6.9M Feb 22 11:36 /sda2/~/RP1049/~SYSTEM
6.9M Feb 23 12:36 /sda2/~/RP1050/~SYSTEM
6.9M Feb 25 00:51 /sda2/~/RP1051/~SYSTEM
6.9M Feb 26 01:23 /sda2/~/RP1052/~SYSTEM
6.9M Feb 27 02:08 /sda2/~/RP1053/~SYSTEM
6.9M Feb 28 05:01 /sda2/~/RP1054/~SYSTEM
6.9M Mar  1 05:33 /sda2/~/RP1055/~SYSTEM
6.9M Mar  2 06:33 /sda2/~/RP1056/~SYSTEM
6.9M Mar  3 06:34 /sda2/~/RP1057/~SYSTEM
6.9M Mar  4 07:14 /sda2/~/RP1058/~SYSTEM
6.9M Feb  6 12:47 /sda2/~/RP1033/~SYSTEM
6.9M Mar  6 04:02 /sda2/~/RP1059/~SYSTEM
6.9M Mar 29 08:04 /sda2/~/RP1080/~SYSTEM


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 April 2013 - 01:21 PM

Let's see if there is an available registry backup we can use to help get your computer booting properly
  • Boot the Sick computer with the USB drive again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh -r
  • Type --> 1059 <--
  • Press Enter
  • After it has finished a report will be located at sdb1 named restore.log
  • Please try to boot into normal Windows now and indicate if you were successful
Please note - all text entries are case sensitive

Copy and paste the restore.log from your USB drive for my review
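The two sets of steps above (enumerate the hive backups with rst.sh, then restore from a chosen restore point with rst.sh -r) rely on the copies of the registry hives that Windows XP System Restore keeps inside each restore point. The script below is an added example written for this thread; it is not noahdfear's rst.sh and does not reproduce it. It assumes the Windows volume is mounted under Linux at a path given as the first argument (/mnt/sda2 in the logs above), that restore points sit at System Volume Information/_restore{GUID}/RPnnnn/snapshot/_REGISTRY_MACHINE_<HIVE>, and that the live hives are in WINDOWS/system32/config with the file-name case shown in live_name. The live hives are kept as .bak copies so the restore can be undone, and nothing is written unless the chosen point holds all four hives; a constructed throwaway volume lets the functions be tried offline.

```shell
#!/bin/sh
# Added example (not noahdfear's rst.sh): what the enumerate-and-restore steps
# above do against a Windows XP volume mounted under Linux. XP System Restore
# keeps a copy of each registry hive in
#   <volume>/System Volume Information/_restore{GUID}/RPnnnn/snapshot/_REGISTRY_MACHINE_<HIVE>
# and the live hives are in <volume>/WINDOWS/system32/config.
# Assumed: the volume root is passed as $1 (e.g. /mnt/sda2) and the live hive
# files appear with the case given in live_name; adjust it if your mount differs.

HIVES="SOFTWARE SYSTEM SECURITY SAM"

# File name of the live hive inside system32/config (case as on a typical XP disk).
live_name() {
  case $1 in
    SOFTWARE) echo software ;;
    SYSTEM)   echo system ;;
    *)        echo "$1" ;;
  esac
}

# One line per hive backup found: "RPnnnn HIVE bytes path".
# A size jump between neighbouring restore points is a cheap first clue to
# when a hive last changed substantially.
enum_hives() {
  root=$1
  for rp in "$root/System Volume Information/"_restore*/RP*; do
    [ -d "$rp/snapshot" ] || continue
    for h in $HIVES; do
      f="$rp/snapshot/_REGISTRY_MACHINE_$h"
      [ -f "$f" ] || continue
      printf '%s %s %s %s\n' "$(basename "$rp")" "$h" "$(($(wc -c < "$f")))" "$f"
    done
  done
}

# Replace the four live hives with the copies from restore point $2.
# Refuses to touch anything unless the point holds all four hives, and keeps
# each live hive as <name>.bak so the change can be undone.
restore_hives() {
  root=$1 want=$2
  cfg="$root/WINDOWS/system32/config"
  snap=""
  for rp in "$root/System Volume Information/"_restore*/"$want"; do
    [ -d "$rp/snapshot" ] && snap="$rp/snapshot"
  done
  [ -n "$snap" ] || { echo "no such restore point: $want" >&2; return 1; }
  for h in $HIVES; do
    [ -f "$snap/_REGISTRY_MACHINE_$h" ] || { echo "$want has no $h hive" >&2; return 1; }
  done
  for h in $HIVES; do
    live="$cfg/$(live_name "$h")"
    [ -f "$live" ] && cp -p "$live" "$live.bak"
    cp -p "$snap/_REGISTRY_MACHINE_$h" "$live"
    echo "$h hive restored from $want"
  done
}

# Constructed stand-in for a mounted volume, so the functions can be tried
# offline: three restore points and a set of live hives, all tiny text files.
make_sample_volume() {
  vol=$(mktemp -d)
  cfg="$vol/WINDOWS/system32/config"
  mkdir -p "$cfg"
  for h in $HIVES; do
    printf 'live %s' "$h" > "$cfg/$(live_name "$h")"
  done
  for rp in RP1058 RP1059 RP1060; do
    snap="$vol/System Volume Information/_restore{EXAMPLE-GUID}/$rp/snapshot"
    mkdir -p "$snap"
    for h in $HIVES; do
      printf '%s %s' "$rp" "$h" > "$snap/_REGISTRY_MACHINE_$h"
    done
  done
  echo "$vol"
}

# Stand-alone use:  sh hives.sh /mnt/sda2          (enumerate)
#                   sh hives.sh /mnt/sda2 RP1059   (restore from RP1059)
if [ $# -ge 2 ]; then
  restore_hives "$1" "$2"
elif [ $# -eq 1 ]; then
  enum_hives "$1"
fi
```

The restore output matches the shape of the restore.log posted in the thread ("SOFTWARE hive restored from RP1059", and so on). Picking the point is the judgement call: the enum listing gives size and date per point, and the one chosen should predate the trouble while still being recent enough that installed software and drivers are registered in it.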

#12 chassc

chassc
  • Topic Starter

  • Members
  • 22 posts

Posted 28 April 2013 - 12:27 PM

Tried to log in normal, background screen came up, but that was all; let it run all night in hopes that it would eventually display icons, but it did not. Was able to start Win Task Manager; svchost.exe and MsMpEng.exe were the highest users of CPU. Restore.log follows:

 

SOFTWARE hive restored from RP1059
SYSTEM hive restored from RP1059
SECURITY hive restored from RP1059
SAM hive restored from RP1059
 

Really appreciate your help.

 



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 April 2013 - 03:01 PM

Hello

Have you tried to start in safe mode?

Open Task Manager and select File --> New Task --> type in explorer.exe and press Enter.

#14 chassc

chassc
  • Topic Starter

  • Members
  • 22 posts

Posted 28 April 2013 - 07:41 PM

Tried to start in safe mode. Said my password was invalid. For the heck of it, I manually turned the PC off. Tried normal boot, got my background screen as before, then it turned to white. Did ctrl-alt-delete, background screen came up and the Windows security screen, selected task manager, white screen again. Did ctrl-alt-delete again, bk grnd & Win Security, selected reboot. There were obviously some programs that ran, as msgs came up saying some process was ending; a msg came up saying Easyshare (Kodak app) was ending, X'd it, and all my icons came up. Able to open task mgr, Windows explorer works. What is next?



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 April 2013 - 08:31 PM


Hello chassc

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo



