lizard1231
Everything posted by lizard1231
-
I found out how to fix it
-
I ran TDSS Killer and it didn't find any viruses
-
The virus closes all of my programs and will not allow me to re-open them. I went into Safe Mode with Networking but the internet still won't work. I cannot update my MBAM and the scan is not finding anything.
-
Redirecting, Script error, Hidden files
lizard1231 replied to lizard1231's topic in Resolved Malware Removal Logs
It's been working fine. Thanks -
Redirecting, Script error, Hidden files
lizard1231 replied to lizard1231's topic in Resolved Malware Removal Logs
Yup... that worked ComboFix 11-04-24.01 - Lizzie 04/24/2011 15:28:00.1.2 - x86 Microsoft -
Redirecting, Script error, Hidden files
lizard1231 replied to lizard1231's topic in Resolved Malware Removal Logs
All it gets to is the little green bar telling me it's loading -
Redirecting, Script error, Hidden files
lizard1231 replied to lizard1231's topic in Resolved Malware Removal Logs
It still crashes my computer once I start to run it -
Redirecting, Script error, Hidden files
lizard1231 replied to lizard1231's topic in Resolved Malware Removal Logs
So I have run the program in both regular and safe mode, and it scanned for about 5-10 minutes, but then a pop-up appears and says that it stopped working. -
Redirecting, Script error, Hidden files
lizard1231 replied to lizard1231's topic in Resolved Malware Removal Logs
SystemLook 04.09.10 by jpshortstuff Log created at 18:55 on 17/04/2011 by Lizard1231 Administrator - Elevation successful -
Redirecting, Script error, Hidden files
lizard1231 replied to lizard1231's topic in Resolved Malware Removal Logs
Sorry I haven't replied in a while. I tried to run the tdsskiller, but it won't open. I have even changed the extension, but all it does when I click Run as Administrator is have a box pop up that says "A program needs your permission to continue". I click continue and wait but nothing happens. -
Redirecting, Script error, Hidden files
lizard1231 replied to lizard1231's topic in Resolved Malware Removal Logs
I don't know if I'm doing something wrong but every time I try to use it my computer crashes. -
Redirecting, Script error, Hidden files
lizard1231 replied to lizard1231's topic in Resolved Malware Removal Logs
OTL logfile created on: 4/10/2011 3:07:18 PM - Run 2 OTL by OldTimer - Version 3.2.22.3 -
I recently got some kind of virus on my system that has made most of my files and documents hidden, it started to redirect my internet pages during searches, and an Internet Explorer script error message keeps appearing. I have run Malwarebytes and it did find some problems but the virus is still on my system.