[RESOLVED] FBI After You!

Thanks again for your kind assistance. I will complete the step outlined on tha posting,and will report afterwards!
Thank You!:)

https://discussions.virtualdr.com/

Hi Broni: My apologies for not posting sooner,but I have been occupied with the taxes,and I have not finished them yet. I will run all the reccomended software in a couple of days,and post the results.
Thanks again for your kind assistance.

https://discussions.virtualdr.com/

Hi Broni: Here I am back, I have ran the programs,and posting the logs,either one by one or together depending upon the size and limitations for sending them;

First I am semding the logs for Maware Bytes,AntiMalware:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.31.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19401
graceport :: MECHE [administrator]

3/31/2013 2:36:46 PM
mbam-log-2013-03-31 (14-36-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222213
Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\graceport\AppData\Local\temp\7367443.exe (Trojan.Winlock) -> Quarantined and deleted successfully.

(end)


Second, aswMBR Log:


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-04 16:27:31
-----------------------------
16:27:31.470 OS Version: Windows 6.0.6002 Service Pack 2
16:27:31.470 Number of processors: 2 586 0xF0D
16:27:31.470 ComputerName: MECHE UserName:
16:27:33.482 Initialize success
16:27:49.511 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:27:49.511 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
16:27:49.854 Disk 0 MBR read successfully
16:27:49.870 Disk 0 MBR scan
16:27:49.870 Disk 0 Windows VISTA default MBR code
16:27:49.886 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
16:27:49.901 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
16:27:49.917 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228129 MB offset 21069824
16:27:49.932 Disk 0 scanning sectors +488278016
16:27:50.088 Disk 0 scanning C:\Windows\system32\drivers
16:28:02.288 Service scanning
16:28:20.805 Modules scanning
16:28:26.093 Disk 0 trace - called modules:
16:28:26.124 ntkrnlpa.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys vsflt58.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:28:26.124 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86acb308]
16:28:26.140 3 CLASSPNP.SYS[88d498b3] -> nt!IofCallDriver -> [0x869c80c8]
16:28:26.156 5 vsflt58.sys[8071ef7b] -> nt!IofCallDriver -> [0x85e00268]
16:28:26.156 7 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85e09528]
16:28:26.171 Scan finished successfully
16:29:06.544 Disk 0 MBR has been saved successfully to "C:\Users\graceport\Documents\MBR.dat"
16:29:06.575 The log file has been saved successfully to "C:\Users\graceport\Documents\aswMBR.txt"
16:29:58.483 Disk 0 MBR has been saved successfully to "C:\Info for Virtual Dr\MBR.dat"
16:29:58.499 The log file has been saved successfully to "C:\Info for Virtual Dr\aswMBR.txt"


I will post the DDS logs on my nexy Post Reply.

Thanks

Broni: I am postind the two DDS logs:

1)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19401 BrowserJavaVersion: 1.6.0_27
Run by graceport at 16:31:37 on 2013-04-04
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.628 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\EMET\EMET_notifier.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\vssvc.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Cocoon BHO: {9F6733BC-A2D6-4726-B2B4-9727C36F7859} - c:\program files\cocoonie\CocoonIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Cocoon Toolbar: {58435E33-B5C7-4871-9D03-1A5FEB408074} - c:\program files\cocoonie\CocoonIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Cocoon Toolbar: {58435E33-B5C7-4871-9D03-1A5FEB408074} - c:\program files\cocoonie\CocoonIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [EMET Notifier] c:\program files\emet\EMET_notifier.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn-cs02.jpmorganchase.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D21CFA8-7E48-4C7F-B930-B153D649DBEE} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7FDB07B3-BB1C-4A48-A2E6-85B376290FDA} : DHCPNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\goec62~1.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\graceport\appdata\roaming\mozilla\firefox\profiles\pjs1p8qe.default-1359734957495\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-14 14:32; [email protected]; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-03-14 14:32; [email protected]; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2012-9-5 76768]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-9-5 126112]
R0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\drivers\vsflt58.sys [2012-9-5 84512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-12-11 116608]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2012-9-5 3409872]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-28 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-28 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-28 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-1 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-1-31 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-10-16 47640]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2012-9-5 234752]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2011-8-20 5729328]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-6 30192]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itnt.sys [2009-4-7 453475]
S4 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-8-24 625816]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WINWORD.EXE="c:\program files\microsoft office\office11\WINWORD.EXE" /n /dde [UserChoice] [default=edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-04-04 20:30:33 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{005aa520-846e-4a85-b7c8-73a17c6c2eee}\mpengine.dll
2013-03-31 18:32:16 -------- d-----w- C:\Info for Virtual Dr
2013-03-27 21:50:24 -------- d-----w- C:\FRST
2013-03-21 17:06:11 -------- d-----w- C:\GE Remote Control RC 24977
2013-03-21 16:54:20 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-03-21 16:53:47 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-03-21 16:51:40 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-21 16:51:33 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-03-21 16:51:29 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-03-21 16:51:25 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-21 16:51:16 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-21 16:51:16 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-21 15:58:13 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-21 15:58:13 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-19 16:32:29 -------- d-----w- C:\ADOBE READER 11
2013-03-18 16:15:40 -------- d-----w- C:\Alfredo Sadel Romanticas MP3
2013-03-18 15:29:06 -------- d-----r- C:\Alfredo Sadel Romanticas
2013-03-18 13:53:31 -------- d-----w- c:\users\graceport\appdata\roaming\ConverterLite
2013-03-18 13:53:28 -------- d-----w- c:\program files\ConverterLite
2013-03-18 13:52:31 -------- d-----w- c:\programdata\APN
2013-03-17 23:47:54 -------- d-----w- C:\TomTom GPS FIX
2013-03-17 20:24:03 -------- d-----w- C:\Foto Tio Victor y Guillermo
2013-03-17 15:46:00 -------- d-----w- C:\Milo Videos
2013-03-15 19:50:40 -------- d-----w- C:\Padre Palmar y Chavez
2013-03-15 19:06:41 -------- d-----w- c:\users\graceport\appdata\local\HP
2013-03-15 12:32:40 -------- d-----w- C:\Lina Maria Perros
2013-03-14 18:35:46 316928 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp092.dll
2013-03-14 18:25:34 -------- d-----w- c:\windows\hpoj4500g510n-z
2013-03-14 18:24:17 716288 ----a-w- c:\windows\system32\hpwwiax9.dll
2013-03-14 18:24:17 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2013-03-14 18:24:16 593920 ----a-w- c:\windows\system32\hpwtscl5.dll
2013-03-14 18:24:16 315392 ----a-w- c:\windows\system32\hpwvst01.dll
2013-03-14 18:24:03 452408 ----a-w- c:\windows\system32\hpzids01.dll
2013-03-14 18:23:55 122880 ----a-w- c:\windows\system32\hpf3l092.dll
2013-03-14 00:51:47 -------- d-----w- C:\Alfredo Sadel
2013-03-13 21:35:46 -------- d-----w- C:\DVD Converters
2013-03-13 21:28:24 -------- d-----w- C:\Codec Identifier
2013-03-13 14:04:54 -------- d-----w- C:\PER 9
2013-03-07 15:58:43 -------- d-----w- C:\29a6a137e6ffd8959222
.
==================== Find3M ====================
.
2013-03-13 14:37:25 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 14:37:25 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-28 02:49:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-02 09:18:13 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 09:12:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-02 09:12:13 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 09:11:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-02-02 09:11:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-02-02 07:37:34 385024 ----a-w- c:\windows\system32\html.iec
2013-02-02 05:52:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-17 05:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:35:54.68 ===============


2)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 3/6/2008 9:26:27 AM
System Uptime: 4/4/2013 4:08:42 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | Socket 775 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 104.864 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0.281 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
1500
1500_Help
1500Trb
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Acronis True Image Home 2012
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02) MUI
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AOL Install
Apple Application Support
Apple Software Update
Applian PicturePerfect
Aquatica 3
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Avery Wizard 4.0
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 8.2
Brother HL-1440
Brother HL-5240
Browser Address Error Redirector
BufferChm
Canon Easy-PhotoPrint EX
Canon My Printer
CCleaner
CCScore
Chinese Traditional Fonts Support For Adobe Reader 8
Cocoon for Internet Explorer
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Confidence Online(tm) for Web Applications
ConverterLite 1.6.3
Copy
Coupon Printer for Windows
Crawler 3D Aquarium Screensaver
CustomerResearchQFolder
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center (Support Software)
Destinations
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocMgr
DocProc
DocProcQFolder
DVD PhotoPlay
E210
EarthLink Setup Files
EMET
EPSON Printer Software
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
eSupportQFolder
Fax
GIMP 2.6.11
Glary Utilities 2.33.0.1158
Google Desktop
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPBaseService2
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Detection
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Ink Monitor
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
Internet Service Offers Launcher
Java(TM) 6 Update 27
Juniper Networks Setup Client
Juniper Terminal Services Client
Kodak EasyShare software
Learn2 Player (Uninstall Only)
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
LogMeIn
Malwarebytes Anti-Malware version 1.70.0.1100
Map Button (Windows Live Toolbar)
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Picture It! Photo Premium 9
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
netbrdg
NetWaiting
Network
OCR Software by I.R.I.S. 13.0
OfotoXMI
OGA Notifier 2.0.0048.0
Pandora Service
Photo Explosion Deluxe
PlanWrite - Business Plan Writer Deluxe 2003
PowerDVD
Product Documentation Launcher
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
RTC Client API v1.2
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
SFR
SHASTA
Shop for HP Supplies
skin0001
SKINXSDK
Skype Click to Call
Skype™ 5.10
Skype™ for Pocket PC 2.0
Smart Menus (Windows Live Toolbar)
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
staticcr
Status
SUPERAntiSpyware Free Edition
The KMPlayer (remove only)
Toolbox
TrayApp
Ulead VideoStudio SE DVD
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB2.0 Capture Device
User's Guides
Viewpoint Media Player
VLC media player 0.9.9
VPRINTOL
WebCam for MSN Messenger
WebReg
Windows 7 Upgrade Advisor
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
WinRAR archiver
WinZip
WIRELESS
WOT for Internet Explorer
Xvid 1.2.1 final uninstall
Yahoo! Install Manager
Yahoo! Toolbar
.
==== End Of File ===========================
Thanks Again

http://dev.discussions.virtualdr.forums.relay.cool/ Download RogueKiller on the desktop

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

http://dev.discussions.virtualdr.forums.relay.cool/ Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

Hi Broni: Ran Roguekiller and MalwareAntiroot Kit,and I am posting the Logs:

RogueKiller
1)
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : graceport [Admin rights]
Mode : Scan -- Date : 04/05/2013 12:18:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82E4ED75 -> HOOKED (Unknown @ 0x8AA2C3EE)
SSDT[289] : NtSetContextThread @ 0x82EB003F -> HOOKED (Unknown @ 0x8AA2C3F3)
SSDT[334] : NtTerminateProcess @ 0x82E0E0D3 -> HOOKED (Unknown @ 0x8AA2C38F)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8AA2C3F8)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AA2C3FD)

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] 2810f80b0d308030f29a2f75f3dcdcae
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 228129 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04052013_02d1218.txt >>
RKreport[1]_S_04052013_02d1218.txt

2)
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : graceport [Admin rights]
Mode : Remove -- Date : 04/05/2013 12:22:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82E4ED75 -> HOOKED (Unknown @ 0x8AA2C3EE)
SSDT[289] : NtSetContextThread @ 0x82EB003F -> HOOKED (Unknown @ 0x8AA2C3F3)
SSDT[334] : NtTerminateProcess @ 0x82E0E0D3 -> HOOKED (Unknown @ 0x8AA2C38F)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8AA2C3F8)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AA2C3FD)

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] 2810f80b0d308030f29a2f75f3dcdcae
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 228129 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04052013_02d1222.txt >>
RKreport[1]_S_04052013_02d1218.txt ; RKreport[2]_D_04052013_02d1222.txt



Malware AntiRoot Kit. One scan,found no malware!

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19401

Java version: 1.6.0_27

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 2135375872, free: 1104859136

------------ Kernel report ------------
04/05/2013 12:24:37
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\DRIVERS\vsflt58.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\System32\Drivers\Ntfs.sys


Thanks!:)

I still need system-log.txt log.

I am sorry for the missunderstanding, I think this is the Log you need,if not,please let me know,and I will run AntiMalware RootKit again.
ThankS!

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19401

Java version: 1.6.0_27

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 2135375872, free: 1104859136

------------ Kernel report ------------
04/05/2013 12:24:37
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\DRIVERS\vsflt58.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpman.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\UsbFltr.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\LVPr2Mon.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\Windows\system32\drivers\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86ac8ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85e09820
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.05.07
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86ac8ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ac87b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86ac8ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff869c5820, DeviceName: Unknown, DriverName: \Driver\vidsflt58\
DevicePointer: 0xffffffff85e01548, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85e09820, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffbe6371f0, 0xffffffff86ac8ac8, 0xffffffff8661f328
Lower DeviceData: 0xffffffff85aad8f0, 0xffffffff85e09820, 0xffffffff85c75c20
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8000000

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 98304 Numsec = 20971520

Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 21069824 Numsec = 467208192
Partition file system is NTFS
Partition is bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
Thanks!

http://dev.discussions.virtualdr.forums.relay.cool/ Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/...-in-windows-7/
- Vista: http://www.howtogeek.com/howto/windo...ystem-restore/
- XP: http://support.microsoft.com/kb/948247

http://dev.discussions.virtualdr.forums.relay.cool/ Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Hi Broni: Ran Combo Fix as instructed,saved the Log,but unfortunately computer froze up afterward. I shut down the PC,and restart it again,both normally and in Safe Mode,but all I get is a black screen and the mouse arrow.
I am baffled! Please advise!
Thanks!

Did you try "Last known good configuration"?

Yes, I have tried them all,and after trying to boot up,it ends up with the black screen.Go figure! Hitting F8,I get the screen with the several choices, Repair Pc, Safe Mode,Last configuracion,etc...etc?
Thanks!

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  
  
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.