Johnny Whoops
-
Posts
12 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Johnny Whoops
-
Bear with me, Maniac. I'm still trying to get Sfc.exe to work.
-
ESET Online Scanner log: C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined C:\Documents and Settings\Johnny\Application Data\Sun\Java\Deployment\cache\6.0\41\289c31e9-77a99b4c a variant of Win32/Unruy.AA trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP316\A0061653.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
-
I ran the Dr.Web CureIt complete scan, as instructed, and nothing was found this time, but audio ads are still playing over my speakers: ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Scanned: 362574 Infected: 0 Modifications: 0 Suspicious: 0 Adware: 0 Dialers: 0 Jokes: 0 Riskware: 0 Hacktools: 0 Cured: 0 Deleted: 0 Renamed: 0 Moved: 0 Ignored: 0 Scan speed: 24 Kb/s Scan time: 44:16:37 ----------------------------------------------------------------------------- ============================================================================= Total session statistics ============================================================================= Scanned: 374697 Infected: 0 Modifications: 0 Suspicious: 0 Adware: 0 Dialers: 0 Jokes: 0 Riskware: 0 Hacktools: 0 Cured: 0 Deleted: 0 Renamed: 0 Moved: 0 Ignored: 0 Scan speed: 15 Kb/s Scan time: 44:42:42 =============================================================================
-
Combo-Fix.txt: ComboFix 10-07-26.04 - Johnny 07/27/2010 9:53.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1227 [GMT -7:00] Running from: c:\documents and settings\Johnny\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . ((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 ))))))))))))))))))))))))))))))) . 2010-07-21 05:59 . 2010-07-21 05:59 -------- d-----w- c:\program files\iPod 2010-07-21 05:53 . 2010-07-21 05:53 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe 2010-07-21 05:41 . 2010-07-21 05:41 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll 2010-07-21 05:41 . 2010-07-21 05:41 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll 2010-07-21 05:41 . 2010-07-21 05:41 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2010-07-20 07:53 . 2010-07-26 01:53 -------- d-----w- c:\documents and settings\Johnny\DoctorWeb 2010-07-17 20:18 . 2010-07-17 20:18 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-07-17 20:18 . 2010-07-17 20:18 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys 2010-07-17 20:18 . 2010-07-17 20:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-17 20:17 . 2010-07-17 20:17 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll 2010-07-17 20:17 . 2010-07-17 20:17 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe 2010-07-17 20:17 . 2010-07-17 20:17 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-07-17 20:17 . 2010-07-17 20:17 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe 2010-07-14 06:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-07 06:56 . 2010-07-07 07:17 -------- d-----w- c:\windows\BDOSCAN8 2010-07-07 06:40 . 2010-07-07 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2010-07-02 08:47 . 2010-07-02 08:47 -------- d-----w- c:\documents and settings\Johnny\Application Data\Malwarebytes 2010-07-02 08:46 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-02 08:46 . 2010-07-02 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-02 08:46 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-02 08:46 . 2010-07-02 08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-01 06:05 . 2010-07-01 06:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-27 16:47 . 2010-05-15 05:56 0 ----a-w- c:\documents and settings\Johnny\Local Settings\Application Data\prvlcl.dat 2010-07-21 06:00 . 2010-06-25 05:16 -------- d-----w- c:\program files\iTunes 2010-07-21 05:59 . 2009-05-01 01:23 -------- d-----w- c:\program files\Common Files\Apple 2010-07-17 20:18 . 2008-06-03 06:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-17 20:18 . 2008-06-03 06:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-07-10 07:13 . 2009-03-26 12:05 -------- d-----w- c:\documents and settings\Johnny\Application Data\Apple Computer 2010-07-10 07:13 . 2009-05-01 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-07-10 01:50 . 2006-07-24 10:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys 2010-07-09 04:46 . 2007-08-15 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2010-07-09 04:23 . 2006-07-24 18:53 -------- d-----w- c:\program files\Java 2010-07-07 07:29 . 2010-04-22 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-07-07 06:04 . 2006-08-02 20:15 -------- d-----w- c:\program files\Trend Micro 2010-07-06 06:57 . 2009-01-17 14:09 28972 ---ha-w- c:\windows\system32\mlfcache.dat 2010-06-25 05:11 . 2010-06-25 05:11 -------- d-----w- c:\program files\Bonjour 2010-06-14 14:31 . 2006-07-24 17:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-10 04:06 . 2010-05-05 03:18 -------- d-----w- c:\program files\PeerGuardian2 2010-06-10 04:06 . 2009-07-17 20:23 -------- d-----w- c:\program files\EvaluEat 2010-06-10 04:05 . 2010-04-12 04:38 -------- d-----w- c:\documents and settings\Johnny\Application Data\uTorrent 2010-06-07 07:24 . 2010-05-29 21:01 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-04 08:18 . 2009-02-15 11:33 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-06-03 02:47 . 2008-06-03 06:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-05-23 17:14 . 2010-05-23 17:14 503808 ----a-w- c:\documents and settings\Johnny\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-480f8b5a-n\msvcp71.dll 2010-05-23 17:14 . 2010-05-23 17:14 499712 ----a-w- c:\documents and settings\Johnny\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-480f8b5a-n\jmc.dll 2010-05-23 17:14 . 2010-05-23 17:14 348160 ----a-w- c:\documents and settings\Johnny\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-480f8b5a-n\msvcr71.dll 2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-05-04 17:20 . 2006-07-24 17:27 832512 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 17:20 . 2006-07-24 17:27 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 17:20 . 2006-07-24 17:27 17408 ----a-w- c:\windows\system32\corpol.dll 2010-05-02 05:22 . 2006-07-24 17:27 1851264 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((( SnapShot@2010-07-17_21.13.36 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-27 15:31 . 2010-07-27 15:31 16384 c:\windows\Temp\Perflib_Perfdata_97c.dat - 2006-07-24 17:48 . 2010-07-17 20:46 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2006-07-24 17:48 . 2010-07-27 16:51 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2010-07-09 03:43 . 2010-07-17 20:09 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat + 2010-07-09 03:43 . 2010-07-26 04:08 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat - 2006-07-24 17:48 . 2010-07-17 20:46 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2006-07-24 17:48 . 2010-07-27 16:51 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2010-07-21 06:01 . 2010-07-21 06:01 372736 c:\windows\Installer\{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}\iTunesIco.exe + 2006-07-24 17:48 . 2010-07-27 16:51 2965504 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2010-07-21 06:01 . 2010-07-21 06:01 5731328 c:\windows\Installer\4d729b3.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-30 57344] "Google Update"="c:\documents and settings\Johnny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-04 133104] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] "Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552] "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128] "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632] "DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-02 1077248] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-30 40960] "mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2006-01-17 86016] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248] "Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144] "PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-17 20:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Linksys\\Network Storage\\Network Drive Mapping Utility.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/2/2008 11:24 PM 216400] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/2/2008 11:24 PM 243024] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 1:18 PM 308136] R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?] R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [10/8/2007 8:47 PM 11136] R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [10/8/2007 8:47 PM 37248] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 10:28 AM 30080] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/24/2006 10:28 AM 226304] S2 gupdate1c9c8c43a9f7311;Google Update Service (gupdate1c9c8c43a9f7311);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2009 5:15 AM 133104] S3 BCORETH5;BCORETH5 NDIS Protocol Driver;c:\windows\system32\bcoreth5.sys [12/10/2003 9:40 AM 31650] S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?] S3 ZZZMPR5;ZZZMPR5 NDIS Protocol Driver;\??\c:\windows\system32\ZZZMPR5.SYS --> c:\windows\system32\ZZZMPR5.SYS [?] . Contents of the 'Scheduled Tasks' folder 2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 12:15] 2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 12:15] 2010-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867647161-3454657936-249017194-1007Core.job - c:\documents and settings\Johnny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-04 04:15] 2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867647161-3454657936-249017194-1007UA.job - c:\documents and settings\Johnny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-04 04:15] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 Trusted Zone: trymedia.com FF - ProfilePath - c:\documents and settings\Johnny\Application Data\Mozilla\Firefox\Profiles\3tacws2k.default\ FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll FF - plugin: c:\documents and settings\Johnny\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-27 09:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... c:\program files\Internet Explorer\iexplore.exe [696] 0x888899E0 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(904) c:\windows\system32\VESWinlogon.dll - - - - - - - > 'explorer.exe'(1968) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-07-27 10:01:43 ComboFix-quarantined-files.txt 2010-07-27 17:01 ComboFix2.txt 2010-07-17 21:15 Pre-Run: 51,409,580,032 bytes free Post-Run: 51,636,195,328 bytes free - - End Of File - - 41869A54C3D7356F8ADA04FE0466C9D4
-
The same computer.
-
The contents of the log from Dr.Web: AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\AOL Setup\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;; AOLCINST.EXE;C:\Program Files\Online Services\AOL Setup\COMPS\COACH;Archive contains infected objects;Moved.; A0061149.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP314\A0061149.EXE;Adware.Gdown;; A0061149.EXE;C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP314;Archive contains infected objects;Moved.; This bug's a survivor, Maniac. The second my computer rebooted, I got an IE pop-up.
-
Something's still trying to pop up in IE.
-
Combo-Fix.txt: ComboFix 10-07-16.01 - Johnny 07/17/2010 14:02:43.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1368 [GMT -7:00] Running from: c:\documents and settings\Johnny\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\setup.exe c:\windows\system32\_000006_.tmp.dll c:\windows\system32\_000007_.tmp.dll c:\windows\system32\_000010_.tmp.dll c:\windows\system32\_000011_.tmp.dll c:\windows\system32\_000012_.tmp.dll c:\windows\system32\Thumbs.db c:\windows\xpsp1hfm.log . ((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 ))))))))))))))))))))))))))))))) . 2010-07-17 20:18 . 2010-07-17 20:18 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-07-17 20:18 . 2010-07-17 20:18 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys 2010-07-17 20:18 . 2010-07-17 20:18 2448224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\prepare\avguiadv.dll 2010-07-17 20:18 . 2010-07-17 20:18 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\prepare\avgtray.exe 2010-07-17 20:18 . 2010-07-17 20:18 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\prepare\avgssie.dll 2010-07-17 20:18 . 2010-07-17 20:18 423520 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\prepare\avgwdwsc.dll 2010-07-17 20:18 . 2010-07-17 20:18 1518904 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\prepare\avgwd.dll 2010-07-17 20:17 . 2010-07-17 20:17 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll 2010-07-17 20:17 . 2010-07-17 20:17 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe 2010-07-17 20:17 . 2010-07-17 20:17 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-07-17 20:17 . 2010-07-17 20:17 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe 2010-07-14 06:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-07 06:56 . 2010-07-07 07:17 -------- d-----w- c:\windows\BDOSCAN8 2010-07-07 06:40 . 2010-07-07 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2010-07-02 08:47 . 2010-07-02 08:47 -------- d-----w- c:\documents and settings\Johnny\Application Data\Malwarebytes 2010-07-02 08:46 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-02 08:46 . 2010-07-02 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-02 08:46 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-02 08:46 . 2010-07-02 08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-01 06:05 . 2010-07-01 06:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-06-25 05:16 . 2010-06-25 05:16 -------- d-----w- c:\program files\iPod 2010-06-25 05:16 . 2010-06-25 05:17 -------- d-----w- c:\program files\iTunes 2010-06-25 05:12 . 2010-04-20 03:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll 2010-06-25 05:12 . 2010-04-20 03:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-06-25 05:11 . 2010-06-25 05:11 -------- d-----w- c:\program files\Bonjour 2010-06-25 05:06 . 2010-06-25 05:06 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-17 20:18 . 2008-06-03 06:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-17 20:18 . 2008-06-03 06:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-07-17 20:11 . 2010-05-15 05:56 0 ----a-w- c:\documents and settings\Johnny\Local Settings\Application Data\prvlcl.dat 2010-07-10 07:13 . 2009-03-26 12:05 -------- d-----w- c:\documents and settings\Johnny\Application Data\Apple Computer 2010-07-10 07:13 . 2009-05-01 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-07-10 01:50 . 2006-07-24 10:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys 2010-07-09 04:46 . 2007-08-15 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2010-07-09 04:23 . 2006-07-24 18:53 -------- d-----w- c:\program files\Java 2010-07-07 07:29 . 2010-04-22 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-07-07 06:04 . 2006-08-02 20:15 -------- d-----w- c:\program files\Trend Micro 2010-07-06 06:57 . 2009-01-17 14:09 28972 ---ha-w- c:\windows\system32\mlfcache.dat 2010-06-25 05:16 . 2009-05-01 01:23 -------- d-----w- c:\program files\Common Files\Apple 2010-06-14 14:31 . 2006-07-24 17:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-10 04:06 . 2010-05-05 03:18 -------- d-----w- c:\program files\PeerGuardian2 2010-06-10 04:06 . 2009-07-17 20:23 -------- d-----w- c:\program files\EvaluEat 2010-06-10 04:05 . 2010-04-12 04:38 -------- d-----w- c:\documents and settings\Johnny\Application Data\uTorrent 2010-06-07 07:24 . 2010-05-29 21:01 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-04 08:18 . 2009-02-15 11:33 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-06-03 02:47 . 2008-06-03 06:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-05-23 17:14 . 2010-05-23 17:14 503808 ----a-w- c:\documents and settings\Johnny\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-480f8b5a-n\msvcp71.dll 2010-05-23 17:14 . 2010-05-23 17:14 499712 ----a-w- c:\documents and settings\Johnny\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-480f8b5a-n\jmc.dll 2010-05-23 17:14 . 2010-05-23 17:14 348160 ----a-w- c:\documents and settings\Johnny\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-480f8b5a-n\msvcr71.dll 2010-05-23 08:06 . 2010-05-23 08:06 -------- d-----w- c:\program files\Microsoft.NET 2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-05-04 17:20 . 2006-07-24 17:27 832512 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 17:20 . 2006-07-24 17:27 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 17:20 . 2006-07-24 17:27 17408 ----a-w- c:\windows\system32\corpol.dll 2010-05-02 05:22 . 2006-07-24 17:27 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-22 05:01 . 2008-06-03 06:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-04-20 05:30 . 2006-07-24 17:27 285696 ----a-w- c:\windows\system32\atmfd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-30 57344] "Google Update"="c:\documents and settings\Johnny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-04 133104] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552] "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128] "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632] "DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-02 1077248] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-30 40960] "mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2006-01-17 86016] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248] "Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144] "PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-04-22 05:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/2/2008 11:24 PM 216400] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/2/2008 11:24 PM 243024] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/21/2010 9:59 PM 308064] R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?] R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [10/8/2007 8:47 PM 11136] R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [10/8/2007 8:47 PM 37248] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 10:28 AM 30080] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/24/2006 10:28 AM 226304] S2 gupdate1c9c8c43a9f7311;Google Update Service (gupdate1c9c8c43a9f7311);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2009 5:15 AM 133104] S3 BCORETH5;BCORETH5 NDIS Protocol Driver;c:\windows\system32\bcoreth5.sys [12/10/2003 9:40 AM 31650] S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?] S3 ZZZMPR5;ZZZMPR5 NDIS Protocol Driver;\??\c:\windows\system32\ZZZMPR5.SYS --> c:\windows\system32\ZZZMPR5.SYS [?] . Contents of the 'Scheduled Tasks' folder 2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 12:15] 2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 12:15] 2010-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867647161-3454657936-249017194-1007Core.job - c:\documents and settings\Johnny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-04 04:15] 2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867647161-3454657936-249017194-1007UA.job - c:\documents and settings\Johnny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-04 04:15] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 Trusted Zone: trymedia.com FF - ProfilePath - c:\documents and settings\Johnny\Application Data\Mozilla\Firefox\Profiles\3tacws2k.default\ FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll FF - plugin: c:\documents and settings\Johnny\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-Network Drive Mapping Utility - (no file) SafeBoot-klmdb.sys AddRemove-HP OrderReminder - c:\program files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-17 14:13 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(896) c:\windows\system32\VESWinlogon.dll . Completion time: 2010-07-17 14:15:20 ComboFix-quarantined-files.txt 2010-07-17 21:15 Pre-Run: 50,623,418,368 bytes free Post-Run: 52,754,063,360 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - F462B6BC377EDE397E37AA385DD0721B
-
Still infected.
-
Contents of "TDSSKiller.txt": 18:48:42:203 5964 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49 18:48:42:203 5964 ================================================================================ 18:48:42:203 5964 SystemInfo: 18:48:42:203 5964 OS Version: 5.1.2600 ServicePack: 3.0 18:48:42:203 5964 Product type: Workstation 18:48:42:203 5964 ComputerName: SONY-LT 18:48:42:203 5964 UserName: Johnny 18:48:42:203 5964 Windows directory: C:\WINDOWS 18:48:42:203 5964 System windows directory: C:\WINDOWS 18:48:42:203 5964 Processor architecture: Intel x86 18:48:42:203 5964 Number of processors: 2 18:48:42:203 5964 Page size: 0x1000 18:48:42:203 5964 Boot type: Normal boot 18:48:42:203 5964 ================================================================================ 18:48:42:515 5964 Initialize success 18:48:42:515 5964 18:48:42:515 5964 Scanning Services ... 18:48:43:203 5964 Raw services enum returned 396 services 18:48:43:218 5964 18:48:43:218 5964 Scanning Drivers ... 18:48:44:937 5964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 18:48:44:968 5964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 18:48:45:031 5964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 18:48:45:093 5964 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys 18:48:45:171 5964 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 18:48:45:281 5964 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 18:48:45:453 5964 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 18:48:45:546 5964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 18:48:45:593 5964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 18:48:45:640 5964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 18:48:45:703 5964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 18:48:45:781 5964 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\WINDOWS\system32\Drivers\avgldx86.sys 18:48:45:812 5964 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys 18:48:45:875 5964 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) C:\WINDOWS\system32\Drivers\avgtdix.sys 18:48:46:062 5964 BCORETH5 (59cc3c053825e39a335ad2b42f634562) C:\WINDOWS\system32\BCORETH5.SYS 18:48:46:156 5964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 18:48:46:203 5964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 18:48:46:265 5964 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 18:48:46:328 5964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 18:48:46:359 5964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 18:48:46:421 5964 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys 18:48:46:593 5964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 18:48:46:625 5964 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 18:48:46:656 5964 Compbatt (5d3079ed06f6d21360c7cfeeca94d297) C:\WINDOWS\system32\DRIVERS\compbatt.sys 18:48:46:656 5964 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 5d3079ed06f6d21360c7cfeeca94d297, Fake md5: 6e4c9f21f0fae8940661144f41b13203 18:48:46:656 5964 File "C:\WINDOWS\system32\DRIVERS\compbatt.sys" infected by TDSS rootkit ... 18:48:48:609 5964 Backup copy found, using it.. 18:48:48:656 5964 will be cured on next reboot 18:48:48:875 5964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 18:48:48:953 5964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 18:48:49:031 5964 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys 18:48:49:093 5964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 18:48:49:156 5964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 18:48:49:343 5964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 18:48:49:390 5964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 18:48:49:453 5964 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys 18:48:49:515 5964 e1express (389cf2cded384be477c3b3f15747d495) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 18:48:49:609 5964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 18:48:49:828 5964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 18:48:49:859 5964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 18:48:49:890 5964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 18:48:49:984 5964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 18:48:50:031 5964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 18:48:50:093 5964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 18:48:50:187 5964 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 18:48:50:375 5964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 18:48:50:421 5964 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys 18:48:50:484 5964 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 18:48:50:609 5964 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 18:48:50:703 5964 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 18:48:50:921 5964 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 18:48:51:015 5964 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 18:48:51:109 5964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 18:48:51:234 5964 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 18:48:51:609 5964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 18:48:51:703 5964 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 18:48:51:750 5964 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 18:48:52:000 5964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 18:48:52:046 5964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 18:48:52:093 5964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 18:48:52:156 5964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 18:48:52:203 5964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 18:48:52:343 5964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 18:48:52:359 5964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 18:48:52:421 5964 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys 18:48:52:468 5964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 18:48:52:515 5964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 18:48:52:578 5964 lknuhst (16aa31702b14f0176df86409cc133b64) C:\WINDOWS\system32\DRIVERS\lknuhst.sys 18:48:52:625 5964 LKNUHUB (9b1eee47969a977da0d26c98c93cbe0b) C:\WINDOWS\system32\DRIVERS\lknuhub.sys 18:48:52:734 5964 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 18:48:52:890 5964 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 18:48:52:953 5964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 18:48:53:031 5964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 18:48:53:062 5964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:48:53:140 5964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:48:53:187 5964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 18:48:53:218 5964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:48:53:312 5964 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:48:53:484 5964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 18:48:53:531 5964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:48:53:546 5964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:48:53:562 5964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 18:48:53:609 5964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:48:53:656 5964 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 18:48:53:703 5964 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 18:48:53:750 5964 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 18:48:53:796 5964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 18:48:53:968 5964 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 18:48:54:031 5964 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:48:54:062 5964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:48:54:078 5964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:48:54:093 5964 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 18:48:54:125 5964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:48:54:187 5964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:48:54:234 5964 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 18:48:54:265 5964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 18:48:54:312 5964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 18:48:54:484 5964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 18:48:54:671 5964 nv (4f56e52f7ce6ac737adb1bb2a1854592) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 18:48:54:937 5964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:48:54:968 5964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:48:55:031 5964 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 18:48:55:046 5964 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 18:48:55:078 5964 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 18:48:55:125 5964 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 18:48:55:171 5964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 18:48:55:187 5964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 18:48:55:218 5964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 18:48:55:234 5964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 18:48:55:296 5964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:48:55:328 5964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 18:48:55:578 5964 pelmouse (59b3101f20056104c011e0c68aebb840) C:\WINDOWS\system32\DRIVERS\pelmouse.sys 18:48:55:609 5964 pelusblf (f1ce775af376faf3ffefb4ff8cbdfbf3) C:\WINDOWS\system32\DRIVERS\pelusblf.sys 18:48:55:718 5964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:48:55:734 5964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 18:48:55:765 5964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:48:55:796 5964 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 18:48:55:921 5964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:48:55:968 5964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:48:56:093 5964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:48:56:171 5964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:48:56:218 5964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:48:56:265 5964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:48:56:312 5964 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:48:56:359 5964 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 18:48:56:406 5964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:48:56:468 5964 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys 18:48:56:671 5964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:48:56:718 5964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 18:48:56:843 5964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 18:48:56:890 5964 SI3132 (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys 18:48:56:953 5964 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys 18:48:56:984 5964 SiRemFil (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys 18:48:57:031 5964 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 18:48:57:078 5964 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys 18:48:57:156 5964 SonyImgF (c483fc0add8b074286600b9620ef2c16) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys 18:48:57:375 5964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 18:48:57:421 5964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 18:48:57:484 5964 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 18:48:57:625 5964 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINDOWS\system32\drivers\sthda.sys 18:48:57:937 5964 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 18:48:57:984 5964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 18:48:58:015 5964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 18:48:58:093 5964 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys 18:48:58:187 5964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 18:48:58:281 5964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:48:58:468 5964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:48:58:500 5964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 18:48:58:546 5964 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:48:58:625 5964 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys 18:48:58:687 5964 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys 18:48:58:765 5964 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys 18:48:58:968 5964 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys 18:48:59:000 5964 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys 18:48:59:062 5964 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys 18:48:59:093 5964 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 18:48:59:140 5964 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 18:48:59:187 5964 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys 18:48:59:218 5964 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys 18:48:59:296 5964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 18:48:59:390 5964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 18:48:59:437 5964 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:48:59:593 5964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:48:59:609 5964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:48:59:656 5964 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:48:59:687 5964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:48:59:750 5964 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:48:59:812 5964 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:48:59:906 5964 usbvm321 (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys 18:49:00:062 5964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 18:49:00:125 5964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 18:49:00:281 5964 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys 18:49:00:359 5964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:49:00:531 5964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 18:49:00:640 5964 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 18:49:00:718 5964 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 18:49:00:765 5964 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 18:49:00:843 5964 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 18:49:01:000 5964 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 18:49:01:015 5964 Reboot required for cure complete.. 18:49:01:937 5964 Cure on reboot scheduled successfully 18:49:01:937 5964 18:49:01:937 5964 Completed 18:49:01:937 5964 18:49:01:937 5964 Results: 18:49:01:937 5964 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 18:49:01:937 5964 File objects infected / cured / cured on reboot: 1 / 0 / 1 18:49:01:937 5964 18:49:02:046 5964 KLMD(ARK) unloaded successfully
-
Hi, Borislav. Thanks for helping! New Malwarebytes' Anti-Malware log file: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4294 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 7/8/2010 10:16:54 PM mbam-log-2010-07-08 (22-16-54).txt Scan type: Quick scan Objects scanned: 164311 Time elapsed: 28 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) New fresh DDS log: DDS (Ver_10-03-17.01) - NTFSx86 Run by Johnny at 22:39:36.98 on Thu 07/08/2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.780 [GMT -7:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} ============== Running Processes =============== svchost.exe 4 C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe 4 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe svchost.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe svchost.exe C:\Program Files\DISC\DISCover.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Documents and Settings\Johnny\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\DISC\DiscStreamHub.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Johnny\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.sony.com/vaiopeople uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Network Drive Mapping Utility] uRun: [Google Update] "c:\documents and settings\johnny\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe" mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary mRun: [Mouse Suite 98 Daemon] ICO.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [<NO NAME>] mRun: [switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe" mRun: [DISCover] c:\program files\disc\DISCover.exe mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe mRun: [mm_server] c:\program files\musicmatch\musicmatch jukebox\mm_server.exe mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe" mRun: [Network Drive Mapping Utility] "c:\program files\linksys\network storage\Network Drive Mapping Utility.exe" Z mRun: [PSDiagnosticM] "c:\program files\linksys wireless-g print server\PSDiagnosticM.exe" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_07\bin\jusched.exe" dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000 IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\npjpi150_07.dll IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll Trusted Zone: trymedia.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187757144093 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll Notify: VESWinlogon - VESWinlogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\johnny\applic~1\mozilla\firefox\profiles\3tacws2k.default\ FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll FF - plugin: c:\documents and settings\johnny\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava11.dll FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava12.dll FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava13.dll FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava14.dll FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava32.dll FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPOJI610.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-2 216200] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-2 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-2 242896] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-21 308064] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?] R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-2 1119888] R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [2007-10-8 11136] R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [2007-10-8 37248] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-2 38224] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-24 30080] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-24 226304] S2 gupdate1c9c8c43a9f7311;Google Update Service (gupdate1c9c8c43a9f7311);c:\program files\google\update\GoogleUpdate.exe [2009-4-29 133104] S3 BCORETH5;BCORETH5 NDIS Protocol Driver;c:\windows\system32\bcoreth5.sys [2003-12-10 31650] S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?] S3 ZZZMPR5;ZZZMPR5 NDIS Protocol Driver;\??\c:\windows\system32\zzzmpr5.sys --> c:\windows\system32\ZZZMPR5.SYS [?] =============== Created Last 30 ================ 2010-07-09 04:23:34 49265 ----a-w- c:\windows\system32\jpicpl32.cpl 2010-07-07 06:40:14 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure 2010-07-02 09:22:45 0 ----a-w- c:\documents and settings\johnny\defogger_reenable 2010-07-02 08:47:14 0 d-----w- c:\docume~1\johnny\applic~1\Malwarebytes 2010-07-02 08:46:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-02 08:46:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-02 08:46:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-07-02 08:46:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-25 05:16:32 0 d-----w- c:\program files\iPod 2010-06-25 05:16:25 0 d-----w- c:\program files\iTunes 2010-06-25 05:11:41 0 d-----w- c:\program files\Bonjour ==================== Find3M ==================== 2010-07-06 06:57:32 28972 ---ha-w- c:\windows\system32\mlfcache.dat 2010-06-03 02:47:20 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-22 05:01:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2009-02-16 00:21:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021520090216\index.dat ============= FINISH: 22:41:24.14 =============== I can't post a JavaRa log because the program keeps crashing during the "Remove Older Versions" step. Also, I didn't manually delete any of the Java folders. I wasn't sure whether or not I should wait to complete the JavaRa steps first. Please, advise.
-
Something has infected my computer pretty badly. Some of the many symptoms are: Pop-ups Redirection when I click on search engine links Random ads playing over my speakers Volume getting turned down Here's the most recent Malwarebytes' Anti-Malware log file: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4266 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 7/2/2010 2:15:26 AM mbam-log-2010-07-02 (02-15-26).txt Scan type: Quick scan Objects scanned: 152824 Time elapsed: 26 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Johnny\Local Settings\Temp\e6b512a2.exe (Rogue.AVSecuritySuite) -> Quarantined and deleted successfully. Here are the contents of 'DDS.txt': DDS (Ver_10-03-17.01) - NTFSx86 Run by Johnny at 2:26:28.73 on Fri 07/02/2010 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1174 [GMT -7:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe 4 svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe svchost.exe 4 svchost.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe svchost.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\DISC\DISCover.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Documents and Settings\Johnny\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\DISC\DiscStreamHub.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Johnny\My Documents\Downloads\Defogger.exe C:\Documents and Settings\Johnny\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.sony.com/vaiopeople uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Network Drive Mapping Utility] uRun: [Google Update] "c:\documents and settings\johnny\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe" mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary mRun: [Mouse Suite 98 Daemon] ICO.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [<NO NAME>] mRun: [switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe" mRun: [DISCover] c:\program files\disc\DISCover.exe mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe mRun: [mm_server] c:\program files\musicmatch\musicmatch jukebox\mm_server.exe mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe" mRun: [Network Drive Mapping Utility] "c:\program files\linksys\network storage\Network Drive Mapping Utility.exe" Z mRun: [PSDiagnosticM] "c:\program files\linksys wireless-g print server\PSDiagnosticM.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll Trusted Zone: trymedia.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187757144093 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll Notify: VESWinlogon - VESWinlogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\johnny\applic~1\mozilla\firefox\profiles\3tacws2k.default\ FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll FF - plugin: c:\documents and settings\johnny\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-2 216200] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-2 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-2 242896] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-21 308064] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?] R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-2 1119888] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-2 24652] R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [2007-10-8 11136] R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [2007-10-8 37248] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-24 30080] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-24 226304] S2 gupdate1c9c8c43a9f7311;Google Update Service (gupdate1c9c8c43a9f7311);c:\program files\google\update\GoogleUpdate.exe [2009-4-29 133104] S3 BCORETH5;BCORETH5 NDIS Protocol Driver;c:\windows\system32\bcoreth5.sys [2003-12-10 31650] S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?] S3 ZZZMPR5;ZZZMPR5 NDIS Protocol Driver;\??\c:\windows\system32\zzzmpr5.sys --> c:\windows\system32\ZZZMPR5.SYS [?] =============== Created Last 30 ================ 2010-07-02 09:22:45 0 ----a-w- c:\documents and settings\johnny\defogger_reenable 2010-07-02 08:47:14 0 d-----w- c:\docume~1\johnny\applic~1\Malwarebytes 2010-07-02 08:46:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-02 08:46:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-02 08:46:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-07-02 08:46:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-25 05:16:32 0 d-----w- c:\program files\iPod 2010-06-25 05:16:25 0 d-----w- c:\program files\iTunes 2010-06-25 05:11:41 0 d-----w- c:\program files\Bonjour 2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr ==================== Find3M ==================== 2010-06-03 02:47:20 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-22 05:01:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2009-02-16 00:21:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021520090216\index.dat ============= FINISH: 2:28:26.98 =============== That's as far as I can get in the steps because GMER Rootkit Scanner hangs on me every time I run it. Thank you, in advance, for your help! Attach.zip