15 replies to this topic

[quilter]

I let a co-worker use my HP laptop and now all of a sudden I got WINDOWS RESTORE something. It would not let me do anything. I read where I could use safemode with networking and run malwarebytes. I did and was able to run malwarebytes and it removed the trojan. Could you look and see if everything is gone. The computer runs great and it is fast like it was before it got the trojan. I could not run the gmer thing. Here are the other logs.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by ME at 18:34:27.63 on Fri 04/08/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2494.1600 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\ME\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {17BB25AB-E86F-4701-A66D-8B52FF9A2F0E} = 66.174.95.44 69.78.96.14
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl6c880036;MpKsl6c880036;c:\programdata\microsoft\microsoft antimalware\definition updates\{4c135aa0-022d-4040-9159-940dcae529bb}\MpKsl6c880036.sys [2011-4-8 28752]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-12-21 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-12-21 47640]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-2 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-08 23:04:27 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{4c135aa0-022d-4040-9159-940dcae529bb}\MpKsl6c880036.sys
2011-04-08 22:41:51 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{4490431c-08fc-4478-87dd-eb63eec228a7}\gapaengine.dll
2011-04-08 22:41:40 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{4c135aa0-022d-4040-9159-940dcae529bb}\mpengine.dll
2011-03-25 21:04:39 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-23 00:34:43 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 00:34:43 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 00:34:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 18:35:12.82 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/11/2007 11:51:53 PM
System Uptime: 4/8/2011 6:03:51 PM (0 hours ago)
.
Motherboard: Wistron | | 30D6
Processor: AMD Turion™ 64 X2 TL-58 | Socket A | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 84.26 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.081 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
Conexant HD Audio
DJ_AIO_Software_min
EA Link
ESET Online Scanner v3
ESU for Microsoft Vista
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Deskjet All-In-One Software 9.0
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.3
HP QuickTouch 1.00 C1
HP Total Care Advisor
HP Update
HP User Guides 0060
HP Wireless Assistant
HPNetworkAssistant
iTunes
Java Auto Updater
Java™ 6 Update 24
LightScribe 1.6.43.1
LogMeIn
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mobile Broadband Generic Drivers
MSCU for Microsoft Vista
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
NetWaiting
NVIDIA Drivers
PSSWCORE
Quick Startup 2.8.0.718
QuickPlay SlingPlayer 0.3.0
QuickTime
Rhapsody
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SlingPlayer
The Sims™ Life Stories
Toolbox
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Wireless USB760 Firmware Updates
Vongo
VZAccess Manager
WOT for Internet Explorer
.
==== End Of File ===========================

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv2500 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 162):
0x81C37000 \SystemRoot\system32\ntkrnlpa.exe
0x81C04000 \SystemRoot\system32\hal.dll
0x80606000 \SystemRoot\system32\kdcom.dll
0x8060D000 \SystemRoot\system32\PSHED.dll
0x8061E000 \SystemRoot\system32\BOOTVID.dll
0x80626000 \SystemRoot\system32\CLFS.SYS
0x80667000 \SystemRoot\system32\CI.dll
0x80747000 \SystemRoot\System32\drivers\paekpypp.sys
0x80755000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807D1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82205000 \SystemRoot\system32\drivers\acpi.sys
0x8224B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82254000 \SystemRoot\system32\drivers\msisadrv.sys
0x8225C000 \SystemRoot\system32\drivers\pci.sys
0x82283000 \SystemRoot\System32\drivers\partmgr.sys
0x82292000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82295000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8229F000 \SystemRoot\system32\drivers\volmgr.sys
0x822AE000 \SystemRoot\System32\drivers\volmgrx.sys
0x822F8000 \SystemRoot\system32\drivers\pciide.sys
0x822FF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8230D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8231D000 \SystemRoot\system32\drivers\atapi.sys
0x82325000 \SystemRoot\system32\drivers\ataport.SYS
0x82343000 \SystemRoot\system32\drivers\fltmgr.sys
0x82375000 \SystemRoot\system32\drivers\fileinfo.sys
0x82385000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8238E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88A02000 \SystemRoot\system32\drivers\ndis.sys
0x88B0D000 \SystemRoot\system32\drivers\msrpc.sys
0x88B38000 \SystemRoot\system32\drivers\NETIO.SYS
0x88C08000 \SystemRoot\System32\drivers\tcpip.sys
0x88CF5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88E08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F18000 \SystemRoot\system32\drivers\wd.sys
0x88F20000 \SystemRoot\system32\drivers\volsnap.sys
0x88F59000 \SystemRoot\System32\Drivers\spldr.sys
0x88F61000 \SystemRoot\System32\Drivers\mup.sys
0x88F70000 \SystemRoot\System32\drivers\ecache.sys
0x88F97000 \SystemRoot\system32\drivers\disk.sys
0x88FA8000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88FC9000 \SystemRoot\system32\drivers\crcdisk.sys
0x88FF2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88D10000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88D19000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x88FFD000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x88D29000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x88E00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x88D39000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88D42000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88D46000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x88D59000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88D64000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x88D90000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88D9B000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x88D9E000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x88DA8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88DE6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88B73000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88DF5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8CE0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CE9B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CEAB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CEB9000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8CED3000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8CEE2000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8CEF6000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8D206000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8D307000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8D40F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8DB46000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8DBE6000 \SystemRoot\System32\drivers\watchdog.sys
0x8DBF2000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x8D38D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0x8D3AE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CF47000 \SystemRoot\system32\DRIVERS\storport.sys
0x8DBF3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D3DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CF88000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CFAB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CFBA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CFCE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CFE3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D40B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x88B8B000 \SystemRoot\system32\DRIVERS\ks.sys
0x88BB5000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8D3F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CFF3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CE00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8E008000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E03D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E04E000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8E081000 \SystemRoot\system32\drivers\portcls.sys
0x8E0AE000 \SystemRoot\system32\drivers\drmk.sys
0x8E0D3000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8E207000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8E30A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8E3BE000 \SystemRoot\system32\drivers\modem.sys
0x8E3CB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E3E2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E110000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8E131000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8E3E4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E3ED000 \SystemRoot\System32\Drivers\Null.SYS
0x8E3F4000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E158000 \SystemRoot\System32\drivers\vga.sys
0x8E164000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E16C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E174000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E17F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E18D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E196000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E1AC000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E60C000 \SystemRoot\system32\drivers\afd.sys
0x8E654000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E686000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E69C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E6AA000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8E6AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E6BF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E6FB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E705000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E71C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E729000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8E734000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95CE0000 \SystemRoot\System32\win32k.sys
0x8E73C000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E746000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95F00000 \SystemRoot\System32\TSDDD.dll
0x95F20000 \SystemRoot\System32\cdd.dll
0x8E755000 \SystemRoot\system32\drivers\luafv.sys
0x9BE0F000 \SystemRoot\system32\drivers\spsys.sys
0x9BEBF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9BECF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9BEF9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9BF03000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9BF16000 \SystemRoot\system32\drivers\HTTP.sys
0x9BF83000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9BFA0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9BFB9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9BFCE000 \SystemRoot\system32\drivers\mrxdav.sys
0x8E778000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8E797000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8E7D0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8E1C0000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D40E000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D45C000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9D47E000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0x9D480000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0x9D48A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9D48E000 \SystemRoot\system32\drivers\peauth.sys
0x9D56C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D576000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D582000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9D58A000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x9D596000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4C135AA0-022D-4040-9159-940DCAE529BB}\MpKsl6c880036.sys
0x9D59E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x95F90000 \SystemRoot\System32\lmimirr.dll
0x95FA0000 \SystemRoot\System32\lmimirr2.dll
0x9D5BC000 \??\C:\Users\ME\AppData\Local\Temp\mbr.sys
0x77420000 \Windows\System32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
484 C:\Windows\System32\smss.exe
568 csrss.exe
620 C:\Windows\System32\wininit.exe
632 csrss.exe
664 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
692 C:\Windows\System32\lsm.exe
764 C:\Windows\System32\winlogon.exe
864 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
972 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1100 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\audiodg.exe
1316 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\SLsvc.exe
1368 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\svchost.exe
1872 C:\Windows\System32\dwm.exe
1940 C:\Windows\System32\spoolsv.exe
1956 C:\Windows\System32\taskeng.exe
1988 C:\Windows\System32\svchost.exe
2032 C:\Windows\System32\taskeng.exe
636 C:\Windows\explorer.exe
1804 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1400 C:\Program Files\Bonjour\mDNSResponder.exe
1588 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
1376 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2100 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
2132 C:\Program Files\LogMeIn\x86\ramaint.exe
2148 C:\Program Files\LogMeIn\x86\LogMeIn.exe
2248 C:\Windows\System32\svchost.exe
2268 C:\Windows\System32\svchost.exe
2308 C:\Windows\System32\svchost.exe
2340 C:\Windows\System32\SearchIndexer.exe
2380 C:\Windows\System32\drivers\XAudio.exe
2416 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2804 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
3752 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2220 C:\Program Files\Apoint2K\Apoint.exe
1864 C:\Program Files\HP\QuickPlay\QPService.exe
2520 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
2792 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2828 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3036 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
1468 WmiPrvSE.exe
2880 C:\Windows\System32\rundll32.exe
1144 C:\Program Files\Microsoft Security Client\msseces.exe
1000 C:\Program Files\iTunes\iTunesHelper.exe
1768 C:\Program Files\Windows Sidebar\sidebar.exe
3368 C:\Windows\ehome\ehtray.exe
3308 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1664 C:\Windows\System32\rundll32.exe
536 C:\Windows\ehome\ehmsas.exe
3808 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3592 C:\Program Files\Apoint2K\ApMsgFwd.exe
3108 C:\Program Files\Apoint2K\ApntEx.exe
2856 C:\Program Files\iPod\bin\iPodService.exe
3228 C:\Windows\System32\svchost.exe
1752 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3280 C:\Program Files\Internet Explorer\iexplore.exe
2264 C:\Program Files\Internet Explorer\iexplore.exe
3868 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
6000 C:\Program Files\LogMeIn\x86\LogMeIn.exe
5384 C:\Users\ME\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`bee03e00 (NTFS)

PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.BHE

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6315

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

4/8/2011 6:02:35 PM
mbam-log-2011-04-08 (18-02-35).txt

Scan type: Quick scan
Objects scanned: 163973
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VMoQecwufX (Trojan.FakeAlert) -> Value: VMoQecwufX -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\ME\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\vmoqecwufx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\45276936.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\ME\AppData\Local\Temp\0.5755095077522296.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\ME\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\Ado29B3.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\ME\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\ME\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

[Broni]

Welcome back :)

Can you re-run MBAM in normal mode and post fresh log?

Then....

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

• Double-click on RKUnhookerLE.exe to start the program.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• Click the Report tab, then click Scan.
  
• Check Drivers, Stealth, and uncheck the rest.
  
• Click OK.
  
• Wait until it's finished and then go to File > Save Report.
  
• Save the report to your Desktop.
  
• Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

[quilter]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6317

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

4/8/2011 8:19:15 PM
mbam-log-2011-04-08 (20-19-15).txt

Scan type: Quick scan
Objects scanned: 166091
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[quilter]

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8D40F000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7565312 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.09 )
0x81C37000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x81C37000 PnpManager 3907584 bytes
0x81C37000 RAW 3907584 bytes
0x81C37000 WMIxWDM 3907584 bytes
0x95CE0000 Win32k 2109440 bytes
0x95CE0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88E08000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x88A02000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8E207000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8D206000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1052672 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x88C08000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
0x80667000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9D48E000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8E30A000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9BE0F000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8DB46000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8CE0E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8D307000 C:\Windows\system32\DRIVERS\bcmwl6.sys 548864 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x80755000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8238E000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9BF16000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8CEF6000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x9D40E000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x822AE000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8E60C000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x82205000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80626000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8CF47000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x88DA8000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8E0D3000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x88BB5000 C:\Windows\system32\DRIVERS\NWADIenum.sys 249856 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0x8E6BF000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88B38000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8E797000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88F20000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8E008000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81C04000 ACPI_HAL 208896 bytes
0x8E04E000 C:\Windows\system32\drivers\CHDRT32.sys 208896 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x81C04000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82343000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8E654000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8D3AE000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8E081000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88D64000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x88B0D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x88B8B000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9BECF000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8E1C0000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88F70000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8E131000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8225C000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8E0AE000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8CF88000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x88FA8000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9BFCE000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8E110000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8D38D000 C:\Windows\system32\DRIVERS\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8E778000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82325000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9BF83000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x88CF5000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8E755000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8CEB9000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9BFA0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x88B73000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8E7D0000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E705000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8D3DD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8E3CB000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9D59E000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8E686000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8E196000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9BFB9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8CFCE000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8CFBA000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8CEE2000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8E1AC000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x88D46000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9BF03000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E6AC000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88F97000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E03D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8060D000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x88D19000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x82375000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x88D29000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9BEBF000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8230D000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8CE9B000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8CFE3000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8E746000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88F61000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82283000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8CFAB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8CED3000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x88DE6000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8229F000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8CEAB000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x95F20000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8E69C000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E17F000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80747000 C:\Windows\System32\drivers\paekpypp.sys 57344 bytes
0x822FF000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8E71C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8E3BE000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8CFF3000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x807D1000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9D58A000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 49152 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0x9D576000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8E158000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8DBE6000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8E729000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x88D59000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x88D90000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8E174000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D400000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8DBF3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x88FF2000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82295000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8E73C000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9D480000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0x9D45C000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x8D3F4000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9BEF9000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E6FB000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9D56C000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x88D9E000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x88FC9000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8E3E4000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8CE00000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x9D5DE000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82385000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8E18D000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x95F00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88D10000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x88D39000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8224B000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8231D000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8061E000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8E734000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x82254000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8E164000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E16C000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88F59000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x88F18000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0x9D582000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8E3F4000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x88E00000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80606000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9D5BC000 C:\Users\ME\AppData\Local\Temp\mbr.sys 28672 bytes
0x8E3ED000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x822F8000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x88DF5000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x9D596000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4C135AA0-022D-4040-9159-940DCAE529BB}\MpKsl6c880036.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x95C10000 C:\Windows\System32\lmimirr.dll 20480 bytes (LogMeIn, Inc., LogMeIn Mirror Driver)
0x88D42000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9D48A000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x82292000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x88FFD000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0x88D9B000 C:\Windows\system32\DRIVERS\nvsmu.sys 12288 bytes (NVIDIA Corporation, NVIDIA® nForce™ SMU Microcontroller Driver)
0x8E6AA000 C:\Windows\system32\DRIVERS\eabfiltr.sys 8192 bytes (Hewlett-Packard Development Company, L.P., QLB PS/2 Keyboard filter driver)
0x95C20000 C:\Windows\System32\lmimirr2.dll 8192 bytes (LogMeIn, Inc., LogMeIn Video Helper)
0x9D47E000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0x8D40B000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8E3E2000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8DBF2000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
==============================================
>Stealth
==============================================
0x00340000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x84B6F518 ] PID: 1752, 86016 bytes

[Broni]

Looks good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
  
• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.
  
  • Close any open browsers.
    
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.
  
• When finished, it will produce a report for you.
  
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
  
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• If not, delete the file, then download and use the one provided in Link 2.
  
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  
• Do not reboot until instructed.
  
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

[quilter]

ComboFix 11-04-08.01 - ME 04/08/2011 20:36:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2494.1429 [GMT -5:00]
Running from: c:\users\ME\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
.
.
2011-04-09 01:47 . 2011-04-09 01:47 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-04-09 01:47 . 2011-04-09 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-08 23:04 . 2011-04-08 23:04 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C135AA0-022D-4040-9159-940DCAE529BB}\MpKsl6c880036.sys
2011-04-08 22:41 . 2010-11-30 16:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4490431C-08FC-4478-87DD-EB63EEC228A7}\gapaengine.dll
2011-04-08 22:41 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C135AA0-022D-4040-9159-940DCAE529BB}\mpengine.dll
2011-03-28 18:08 . 2011-03-28 18:08 -------- d-----w- c:\program files\Microsoft Silverlight
2011-03-25 21:04 . 2010-11-30 16:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-23 00:34 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 00:34 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 00:34 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2010-12-24 22:10 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-03 02:40 . 2010-12-22 00:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:37 . 2011-02-11 03:02 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-11 03:02 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-11 03:02 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-11 03:02 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-11 03:02 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-11 03:02 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-11 03:02 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-11 03:02 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-11 03:02 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-11 03:02 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-11 03:02 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-11 03:02 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-11 03:02 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-11 03:02 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-11 03:02 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-11 03:02 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-11 03:02 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-11 03:02 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-11 03:02 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-11 03:02 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-11 03:02 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-11 03:02 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-11 03:02 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-11 03:02 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-11 03:02 683008 ----a-w- c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-05-19 181744]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-06-13 554552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-19 8462336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-19 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-12-18 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-12-18 174720]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl6c880036;MpKsl6c880036;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C135AA0-022D-4040-9159-940DCAE529BB}\MpKsl6c880036.sys [2011-04-08 28752]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL6C880036
*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 23:09]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 23:09]
.
2011-04-08 c:\windows\Tasks\User_Feed_Synchronization-{89AC6DCC-2E4D-41D1-866B-66222E9FBA00}.job
- c:\windows\system32\msfeedssync.exe [2011-02-11 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: {17BB25AB-E86F-4701-A66D-8B52FF9A2F0E} = 66.174.95.44 69.78.96.14
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 20:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-08 20:52:01
ComboFix-quarantined-files.txt 2011-04-09 01:51
.
Pre-Run: 90,419,757,056 bytes free
Post-Run: 90,372,808,704 bytes free
.
- - End Of File - - FA1CEF2EEDAD9E8A009FCA8A0A540D86

[Broni]

All clean :)

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

======================================================================================

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
  
• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• IMPORTANT! UN-check Remove found threats
  
• Accept any security warnings from your browser.
  
• Check Scan archives
  
• Click Start
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push List of found threats
  
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[quilter]

It has been runing for one hour and 15 minutes and only 33% complete so it will be tomorrow when I post the results. Thanks Broni. Jill

[Broni]

No problem :)

[quilter]

C:\Users\ME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2ec82cba-437ff24c multiple threats

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Services
  
  :Reg
  
  :Files
  C:\Users\ME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2ec82cba-437ff24c
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]
  

  
  
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• You will get a log that shows the results of the fix. Please post it.

=========================================================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
  
• Close all other programs apart from OTL as this step will require a reboot
  
• On the OTL main screen, press the CLEANUP button
  
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html

12. Please, let me know, how your computer is doing.

[quilter]

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\ME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2ec82cba-437ff24c moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ME
->Temp folder emptied: 836773 bytes
->Temporary Internet Files folder emptied: 54236427 bytes
->Java cache emptied: 32198 bytes
->Flash cache emptied: 11753 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2414 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: ME
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04092011_160310

Files\Folders moved on Reboot...
C:\Users\ME\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\ME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y3X73Z1O\page__gopid__164499[1].htm moved successfully.
C:\Users\ME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HM26LO8W\44738-trojan-2011[1].htm moved successfully.
C:\Users\ME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HM26LO8W\45100-work-laptop-infected[1].htm moved successfully.
C:\Users\ME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

[quilter]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ME
->Temp folder emptied: 33040 bytes
->Temporary Internet Files folder emptied: 2445426 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 806 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: ME
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 04092011_161444

Files\Folders moved on Reboot...
C:\Users\ME\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

[Broni]

Quote

12. Please, let me know, how your computer is doing.

Whenever ready....

[quilter]

It is back running great again Broni. Thanks so much for your time here. I really appreciated it. I will try to make sure this does not happen again. Thanks again, Jill

[Broni]

Way to go!!
Good luck and stay safe :)