Caroleb
Members
Posts: 14
Reputation: 0 Neutral

  1. All done! I think I will replace my antivirus software with those suggested in the website you linked. THANK YOU!
  2. Everything is working great!! Thank you so much for helping me out. Are we done? So how about a recommendation for antiviral software. I think I reconfigured Sophos to be even stricter now, but if there is something better out there, I am definitely willing to try it.
  3. I should add that although the Sophos on-access scan is disabled while ComboFix is running, it always seems to find a NirCmd afterwards, which I clean up. Not sure if it is related.
  4. How about now? For some reason, I had not copied the 'Folder::' part... silly me, sorry.

ComboFix 11-02-25.01 - Rivka 02/26/2011 6:51.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.952 [GMT -7:00]
Running from: c:\users\Rivka\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Rivka\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\fEhPmMp08200
c:\programdata\fEhPmMp08200\fEhPmMp08200
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))
.
2011-02-26 14:05 . 2011-02-26 14:12 -------- d-----w- c:\users\Rivka\AppData\Local\temp
2011-02-26 14:05 . 2011-02-26 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-25 13:29 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50438D47-114E-4C5E-98AA-8D7663ADF1E3}\mpengine.dll
2011-02-24 22:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 18:59 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-24 18:59 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 15:42 . 2011-02-23 15:42 -------- d-----w- c:\users\Rivka\AppData\Roaming\Log
2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\users\Rivka\AppData\Roaming\Malwarebytes
2011-02-23 01:50 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\programdata\Malwarebytes
2011-02-23 01:49 . 2011-02-23 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 01:49 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 01:31 . 2011-02-23 01:31 -------- d-----w- c:\users\Rivka\AppData\Roaming\Sammsoft
2011-02-23 01:30 . 2011-02-23 14:00 -------- d-----w- c:\program files\ARO 2011
2011-02-22 20:10 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-02-22 20:08 . 2011-02-22 20:08 -------- d-----w- c:\users\Rivka\AppData\Local\Sophos
2011-02-22 20:07 . 2010-09-23 01:47 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-17 20:58 . 2011-02-17 20:58 -------- d-----w- c:\users\Rivka\AppData\Local\ElevatedDiagnostics
2011-02-15 16:33 . 2011-02-15 16:33 256 ----a-w- c:\windows\system32\pool.bin
2011-02-15 16:13 . 2009-01-09 23:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2011-02-10 03:16 . 2011-02-16 20:32 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-03 20:47 . 2011-02-03 21:06 -------- d-----w- c:\users\Rivka\AppData\Roaming\Auslogics
2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\users\Rivka\AppData\Roaming\upromise
2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\program files\Upromise
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-13 21:19 . 2010-12-24 16:12 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2011-02-03 00:11 . 2010-12-23 02:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 15:28 . 2010-12-24 16:12 88 --sh--r- c:\programdata\46BD3B2112.sys
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTRK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTHA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrNLD.lrc
2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrITA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrHUN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrFRA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrRUS.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTG.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPLK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrSVE.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrNOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrFIN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 204800 ----a-w- c:\windows\system32\igfxrTRK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 196608 ----a-w- c:\windows\system32\igfxrTHA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 188416 ----a-w- c:\windows\system32\igfxrHEB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrKOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrJPN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressSVE.lrc
2011-01-12 19:54 . 2010-03-05 02:04 502296 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-01-12 19:54 . 2010-03-05 02:04 45056 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-01-12 19:54 . 2010-03-05 02:04 137752 ----a-w- c:\windows\system32\igfxtray.exe
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTG.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPLK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressHUN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressESP.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressHEB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressFRA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressJPN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressITA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressKOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressDEU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressRUS.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNLD.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressDAN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressCSY.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressFIN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressENU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressELL.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHT.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHS.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressARA.lrc
2011-01-12 19:54 . 2010-03-05 02:04 3334144 ----a-w- c:\windows\system32\igfxress.dll
2011-01-12 19:54 . 2011-01-12 19:54 895512 ----a-w- c:\windows\system32\igfxcfg.exe
2011-01-12 19:54 . 2011-01-12 19:54 648832 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2011-01-12 19:54 . 2011-01-12 19:54 327680 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-01-12 19:54 . 2011-01-12 19:54 307200 ----a-w- c:\windows\system32\igfxdo.dll
2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxres.dll
2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxrENU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrELL.lrc
2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrDEU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrESP.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrDAN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrCSY.lrc
2011-01-12 19:54 . 2011-01-12 19:54 200704 ----a-w- c:\windows\system32\igfxpph.dll
2011-01-12 19:54 . 2011-01-12 19:54 192512 ----a-w- c:\windows\system32\igfxrARA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHT.lrc
2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHS.lrc
2011-01-12 19:54 . 2010-08-06 12:45 977432 ----a-w- c:\windows\system32\lpgun.exe
2011-01-12 19:54 . 2010-03-05 02:04 350744 ----a-w- c:\windows\system32\hkcmd.exe
2011-01-12 19:54 . 2010-03-05 02:04 258048 ----a-w- c:\windows\system32\hccutils.dll
2011-01-12 19:54 . 2010-03-05 02:04 23040 ----a-w- c:\windows\system32\IgfxExtps.dll
2011-01-12 19:54 . 2010-03-05 02:04 174616 ----a-w- c:\windows\system32\IgfxExt.exe
2011-01-12 19:54 . 2010-03-05 02:04 1418752 ----a-w- c:\windows\system32\igdumd32.dll
2010-12-23 16:29 . 2002-02-10 08:00 72748 ----a-w- c:\windows\unins000.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2010-12-02 175800]
"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2010-12-14 241360]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-07-28 526992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-01 8505888]
"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil.exe" [2010-03-01 358944]
"SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-12 350744]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
c:\users\Rivka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
Dropbox.lnk - c:\users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\windows\System32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-22 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-22 29472]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-12-23 122880]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-02-20 91504]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 746864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-01-20 316416]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-02-09 22536]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 23712]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Oasis2Service;Oasis2Service;c:\program files\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-25 46080]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2010-03-01 133664]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]
S3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-02-15 68144]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-01-12 648832]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-01-21 9344]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 222064]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-01-22 14720]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 513392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2011-02-23 c:\windows\Tasks\ARO 2011.job
- c:\program files\ARO 2011\ARO.exe [2011-02-23 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3676)
c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
c:\windows\System32\vds.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-02-26 07:16:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-26 14:16
ComboFix2.txt 2011-02-25 21:01
ComboFix3.txt 2011-02-25 19:34
ComboFix4.txt 2011-02-24 22:29
Pre-Run: 72,230,580,224 bytes free
Post-Run: 72,185,815,040 bytes free
- - End Of File - - 9B5FECD00575DF355B08B61C0D414389

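The log above is long, and the lines that actually decide the case (a system driver found patched and restored from the ERDNT cache, a randomly named folder under ProgramData, registered drivers whose image file is gone, the AppInit_DLLs list) are scattered through it. As an added example, not code from this thread, from ComboFix or from the helper who reviewed these logs, the Python below parses ComboFix-style log lines and pulls those records out with a severity tag. The sample lines are excerpted from the posted log; the case-flip heuristic for machine-generated names, the severity labels and the rule names are my own assumptions, and the `[x]` and `*Disabled*` markers are read exactly as ComboFix prints them.

```python
"""Triage of ComboFix log lines: pull out the records a responder reads first."""
import re
from dataclasses import dataclass
from typing import Iterable

# Constructed sample: lines excerpted from the ComboFix log posted above, plus one
# ordinary file record (wcncsvc.dll) and one healthy driver (SAVOnAccess) as controls.
SAMPLE_LOG = """\
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
c:\\programdata\\fEhPmMp08200
Infected copy of c:\\windows\\system32\\Drivers\\atapi.sys was found and disinfected
Restored copy from - c:\\windows\\ERDNT\\cache\\atapi.sys
2011-02-13 21:19 . 2010-12-24 16:12 2516 --sha-w- c:\\programdata\\KGyGaAvL.sys
2011-02-24 22:34 . 2010-09-14 06:07 276992 ----a-w- c:\\windows\\system32\\wcncsvc.dll
"AppInit_DLLs"=c:\\progra~1\\Sophos\\SOPHOS~1\\sophos_detoured.dll c:\\windows\\System32\\acaptuser32.dll
R0 pctDS;PC Tools Data Store;c:\\windows\\system32\\drivers\\pctDS.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\\windows\\system32\\DRIVERS\\savonaccess.sys [2010-10-08 122360]
"""

# "created . modified size attrs path"; directories print "--------" in the size column.
FILE_RECORD = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-dshawr]{8}) (?P<path>.+)$"
)
# "R0 name;display name;image path [date size]" or "[x]" when the image is missing.
SERVICE_RECORD = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<tail>[^\]]*)\]$"
)
DISINFECTED = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$", re.I)
AV_STATUS = re.compile(r"^(AV|SP|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.+)$')
BARE_PATH = re.compile(r"^[a-z]:\\.+$", re.I)


@dataclass(frozen=True)
class Finding:
    level: str  # "high" or "review" (assumed labels, not ComboFix's)
    rule: str
    line: str


def looks_machine_generated(name: str) -> bool:
    """Assumed heuristic: a long alphabetic run whose case flips on at least half of
    its letters (fEhPmMp, KGyGaAvL) is typical of dropper-generated names, not vendors."""
    letters = re.sub(r"[^A-Za-z]", "", name)
    if len(letters) < 6:
        return False
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips >= len(letters) // 2


def last_component(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def triage(lines: Iterable[str]) -> list[Finding]:
    findings: list[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if DISINFECTED.match(line):
            # A boot-critical driver that had to be disinfected and restored from the
            # ERDNT cache is the one line in this log that proves kernel-level tampering.
            findings.append(Finding("high", "patched system driver", line))
        elif m := AV_STATUS.match(line):
            # ComboFix turns real-time protection off for its own run, so this is
            # expected inside a ComboFix log; it only matters if it stays true afterwards.
            if "Disabled" in m["state"]:
                findings.append(Finding("review", "protection reported disabled", line))
        elif APPINIT.match(line):
            # AppInit_DLLs loads into every user32 process: verify each DLL is a known vendor.
            findings.append(Finding("review", "AppInit_DLLs injection list", line))
        elif m := SERVICE_RECORD.match(line):
            if m["tail"] == "x":
                findings.append(Finding("review", "service/driver with missing image", line))
        elif m := FILE_RECORD.match(line):
            attrs, path = m["attrs"], m["path"]
            if "s" in attrs and "h" in attrs and "\\programdata\\" in path.lower():
                findings.append(Finding("review", "hidden+system file in ProgramData", line))
            elif looks_machine_generated(last_component(path)):
                findings.append(Finding("review", "machine-generated name", line))
        elif BARE_PATH.match(line) and looks_machine_generated(last_component(line)):
            findings.append(Finding("review", "machine-generated name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.level:6}] {f.rule}: {f.line}")
```

Run it against a whole ComboFix.txt by passing `open(path).read().splitlines()` to `triage()`. The "high" finding is the patched atapi.sys; the "review" findings are not verdicts, and two of them in this very log (the Sophos AppInit DLL and the hidden licensing file under ProgramData) turn out to be benign once the vendor is checked, which is exactly why they are tagged for a human rather than auto-deleted.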
  5. Oops, sorry. See below (this time, the computer did not reboot. Hopefully, this is a good sign).

ComboFix 11-02-24.05 - Rivka 02/25/2011 13:41:50.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1127 [GMT -7:00]
Running from: c:\users\Rivka\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Rivka\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.
2011-02-25 20:56 . 2011-02-25 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-25 13:29 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50438D47-114E-4C5E-98AA-8D7663ADF1E3}\mpengine.dll
2011-02-24 22:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 21:19 . 2011-02-25 20:56 -------- d-----w- c:\users\Rivka\AppData\Local\temp
2011-02-24 18:59 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-24 18:59 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 15:42 . 2011-02-23 15:42 -------- d-----w- c:\users\Rivka\AppData\Roaming\Log
2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\users\Rivka\AppData\Roaming\Malwarebytes
2011-02-23 01:50 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\programdata\Malwarebytes
2011-02-23 01:49 . 2011-02-23 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 01:49 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 01:31 . 2011-02-23 01:31 -------- d-----w- c:\users\Rivka\AppData\Roaming\Sammsoft
2011-02-23 01:30 . 2011-02-23 14:00 -------- d-----w- c:\program files\ARO 2011
2011-02-22 20:10 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-02-22 20:08 . 2011-02-22 20:08 -------- d-----w- c:\users\Rivka\AppData\Local\Sophos
2011-02-22 20:07 . 2010-09-23 01:47 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-22 19:22 . 2011-02-22 19:57 -------- d-----w- c:\programdata\fEhPmMp08200
2011-02-17 20:58 . 2011-02-17 20:58 -------- d-----w- c:\users\Rivka\AppData\Local\ElevatedDiagnostics
2011-02-15 16:33 . 2011-02-15 16:33 256 ----a-w- c:\windows\system32\pool.bin
2011-02-15 16:13 . 2009-01-09 23:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2011-02-10 03:16 . 2011-02-16 20:32 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-03 20:47 . 2011-02-03 21:06 -------- d-----w- c:\users\Rivka\AppData\Roaming\Auslogics
2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\users\Rivka\AppData\Roaming\upromise
2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\program files\Upromise
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-13 21:19 . 2010-12-24 16:12 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2011-02-03 00:11 . 2010-12-23 02:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 15:28 . 2010-12-24 16:12 88 --sh--r- c:\programdata\46BD3B2112.sys
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTRK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTHA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrNLD.lrc
2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrITA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrHUN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrFRA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrRUS.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTG.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPLK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrSVE.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrNOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrFIN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 204800 ----a-w- c:\windows\system32\igfxrTRK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 196608 ----a-w- c:\windows\system32\igfxrTHA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 188416 ----a-w- c:\windows\system32\igfxrHEB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrKOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrJPN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressSVE.lrc
2011-01-12 19:54 . 2010-03-05 02:04 502296 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-01-12 19:54 . 2010-03-05 02:04 45056 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-01-12 19:54 . 2010-03-05 02:04 137752 ----a-w- c:\windows\system32\igfxtray.exe
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTG.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPLK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressHUN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressESP.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressHEB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressFRA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressJPN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressITA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressKOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressDEU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressRUS.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNLD.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressDAN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressCSY.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressFIN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressENU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressELL.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHT.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHS.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressARA.lrc
2011-01-12 19:54 . 2010-03-05 02:04 3334144 ----a-w- c:\windows\system32\igfxress.dll
2011-01-12 19:54 . 2011-01-12 19:54 895512 ----a-w- c:\windows\system32\igfxcfg.exe
2011-01-12 19:54 . 2011-01-12 19:54 648832 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2011-01-12 19:54 . 2011-01-12 19:54 327680 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-01-12 19:54 . 2011-01-12 19:54 307200 ----a-w- c:\windows\system32\igfxdo.dll
2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxres.dll
2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxrENU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrELL.lrc
2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrDEU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrESP.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrDAN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrCSY.lrc
2011-01-12 19:54 . 2011-01-12 19:54 200704 ----a-w- c:\windows\system32\igfxpph.dll
2011-01-12 19:54 . 2011-01-12 19:54 192512 ----a-w- c:\windows\system32\igfxrARA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHT.lrc
2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHS.lrc
2011-01-12 19:54 . 2010-08-06 12:45 977432 ----a-w- c:\windows\system32\lpgun.exe
2011-01-12 19:54 . 2010-03-05 02:04 350744 ----a-w- c:\windows\system32\hkcmd.exe
2011-01-12 19:54 . 2010-03-05 02:04 258048 ----a-w- c:\windows\system32\hccutils.dll
2011-01-12 19:54 . 2010-03-05 02:04 23040 ----a-w- c:\windows\system32\IgfxExtps.dll
2011-01-12 19:54 . 2010-03-05 02:04 174616 ----a-w- c:\windows\system32\IgfxExt.exe
2011-01-12 19:54 . 2010-03-05 02:04 1418752 ----a-w- c:\windows\system32\igdumd32.dll
2010-12-23 16:29 . 2002-02-10 08:00 72748 ----a-w- c:\windows\unins000.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2010-12-02 175800]
"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2010-12-14 241360]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-07-28 526992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-01 8505888]
"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil.exe" [2010-03-01 358944]
"SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-12 350744]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
c:\users\Rivka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
Dropbox.lnk - c:\users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\windows\System32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-22 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-22 29472]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-12-23 122880]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-02-20 91504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-02-09 22536]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 23712]
S1
SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 Oasis2Service;Oasis2Service;c:\program files\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-25 46080] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2010-03-01 133664] S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056] S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520] S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008] S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336] S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776] S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416] S3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-02-15 68144] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408] S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-01-12 648832] S3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392] S3 osppsvc;Office 
Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-01-21 9344] S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 222064] S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-01-22 14720] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 513392] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 746864] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-01-20 316416] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2011-02-23 c:\windows\Tasks\ARO 2011.job - c:\program files\ARO 2011\ARO.exe [2011-02-23 16:13] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(6908) c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll . Completion time: 2011-02-25 14:01:10 ComboFix-quarantined-files.txt 2011-02-25 21:01 ComboFix2.txt 2011-02-25 19:34 ComboFix3.txt 2011-02-24 22:29 Pre-Run: 72,560,517,120 bytes free Post-Run: 72,583,454,720 bytes free - - End Of File - - 002D4E653A1989C4F76AB636C7B4A72A
  6. There you go: ComboFix 11-02-24.05 - Rivka 02/25/2011 12:07:49.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.741 [GMT -7:00] Running from: c:\users\Rivka\Desktop\Combo-Fix.exe Command switches used :: c:\users\Rivka\Desktop\CFScript.txt.txt AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C} SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . Infected copy of c:\windows\system32\userinit.exe was found and disinfected Restored copy from - c:\windows\ERDNT\cache\userinit.exe . ((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 ))))))))))))))))))))))))))))))) . 2011-02-25 19:23 . 2011-02-25 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-25 13:29 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50438D47-114E-4C5E-98AA-8D7663ADF1E3}\mpengine.dll 2011-02-24 22:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll 2011-02-24 21:19 . 2011-02-25 19:30 -------- d-----w- c:\users\Rivka\AppData\Local\temp 2011-02-24 18:59 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2011-02-24 18:59 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-23 15:42 . 2011-02-23 15:42 -------- d-----w- c:\users\Rivka\AppData\Roaming\Log 2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\users\Rivka\AppData\Roaming\Malwarebytes 2011-02-23 01:50 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\programdata\Malwarebytes 2011-02-23 01:49 . 2011-02-23 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-23 01:49 . 
2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-23 01:31 . 2011-02-23 01:31 -------- d-----w- c:\users\Rivka\AppData\Roaming\Sammsoft 2011-02-23 01:30 . 2011-02-23 14:00 -------- d-----w- c:\program files\ARO 2011 2011-02-22 20:10 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2011-02-22 20:08 . 2011-02-22 20:08 -------- d-----w- c:\users\Rivka\AppData\Local\Sophos 2011-02-22 20:07 . 2010-09-23 01:47 112056 ----a-w- c:\windows\system32\acaptuser32.dll 2011-02-22 19:22 . 2011-02-22 19:57 -------- d-----w- c:\programdata\fEhPmMp08200 2011-02-17 20:58 . 2011-02-17 20:58 -------- d-----w- c:\users\Rivka\AppData\Local\ElevatedDiagnostics 2011-02-15 16:33 . 2011-02-15 16:33 256 ----a-w- c:\windows\system32\pool.bin 2011-02-15 16:13 . 2009-01-09 23:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys 2011-02-10 03:16 . 2011-02-16 20:32 -------- d-----w- c:\program files\Microsoft Silverlight 2011-02-03 20:47 . 2011-02-03 21:06 -------- d-----w- c:\users\Rivka\AppData\Roaming\Auslogics 2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\users\Rivka\AppData\Roaming\upromise 2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\program files\Upromise . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-13 21:19 . 2010-12-24 16:12 2516 --sha-w- c:\programdata\KGyGaAvL.sys 2011-02-03 00:11 . 2010-12-23 02:31 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-02-01 15:28 . 2010-12-24 16:12 88 --sh--r- c:\programdata\46BD3B2112.sys 2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTRK.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTHA.lrc 2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrNLD.lrc 2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrITA.lrc 2011-01-12 19:54 . 
2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrHUN.lrc 2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrFRA.lrc 2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrRUS.lrc 2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTG.lrc 2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTB.lrc 2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPLK.lrc 2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrSVE.lrc 2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrNOR.lrc 2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrFIN.lrc 2011-01-12 19:54 . 2011-01-12 19:54 204800 ----a-w- c:\windows\system32\igfxrTRK.lrc 2011-01-12 19:54 . 2011-01-12 19:54 196608 ----a-w- c:\windows\system32\igfxrTHA.lrc 2011-01-12 19:54 . 2011-01-12 19:54 188416 ----a-w- c:\windows\system32\igfxrHEB.lrc 2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrKOR.lrc 2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrJPN.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressSVE.lrc 2011-01-12 19:54 . 2010-03-05 02:04 502296 ----a-w- c:\windows\system32\igfxsrvc.exe 2011-01-12 19:54 . 2010-03-05 02:04 45056 ----a-w- c:\windows\system32\igfxsrvc.dll 2011-01-12 19:54 . 2010-03-05 02:04 137752 ----a-w- c:\windows\system32\igfxtray.exe 2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTG.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTB.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPLK.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressHUN.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressESP.lrc 2011-01-12 19:54 . 
2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressHEB.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressFRA.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressJPN.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressITA.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressKOR.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressDEU.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressRUS.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNOR.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNLD.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressDAN.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressCSY.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressFIN.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressENU.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressELL.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHT.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHS.lrc 2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressARA.lrc 2011-01-12 19:54 . 2010-03-05 02:04 3334144 ----a-w- c:\windows\system32\igfxress.dll 2011-01-12 19:54 . 2011-01-12 19:54 895512 ----a-w- c:\windows\system32\igfxcfg.exe 2011-01-12 19:54 . 2011-01-12 19:54 648832 ----a-w- c:\windows\system32\drivers\igdkmd32.sys 2011-01-12 19:54 . 2011-01-12 19:54 327680 ----a-w- c:\windows\system32\igfxcpl.cpl 2011-01-12 19:54 . 2011-01-12 19:54 307200 ----a-w- c:\windows\system32\igfxdo.dll 2011-01-12 19:54 . 
2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxres.dll 2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxrENU.lrc 2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrELL.lrc 2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrDEU.lrc 2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrESP.lrc 2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrDAN.lrc 2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrCSY.lrc 2011-01-12 19:54 . 2011-01-12 19:54 200704 ----a-w- c:\windows\system32\igfxpph.dll 2011-01-12 19:54 . 2011-01-12 19:54 192512 ----a-w- c:\windows\system32\igfxrARA.lrc 2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHT.lrc 2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHS.lrc 2011-01-12 19:54 . 2010-08-06 12:45 977432 ----a-w- c:\windows\system32\lpgun.exe 2011-01-12 19:54 . 2010-03-05 02:04 350744 ----a-w- c:\windows\system32\hkcmd.exe 2011-01-12 19:54 . 2010-03-05 02:04 258048 ----a-w- c:\windows\system32\hccutils.dll 2011-01-12 19:54 . 2010-03-05 02:04 23040 ----a-w- c:\windows\system32\IgfxExtps.dll 2011-01-12 19:54 . 2010-03-05 02:04 174616 ----a-w- c:\windows\system32\IgfxExt.exe 2011-01-12 19:54 . 2010-03-05 02:04 1418752 ----a-w- c:\windows\system32\igdumd32.dll 2010-12-23 16:29 . 2002-02-10 08:00 72748 ----a-w- c:\windows\unins000.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144] "Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2010-12-02 175800] "Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2010-12-14 241360] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304] "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-07-28 526992] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-01 8505888] "vncutil"="c:\program files\Realtek\Audio\HDA\vncutil.exe" [2010-03-01 358944] "SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944] "ISBMgr.exe"="c:\program files\Sony\ISB 
Utility\ISBMgr.exe" [2010-01-15 316784] "Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-12 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-12 350744] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976] c:\users\Rivka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936] Dropbox.lnk - c:\users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712] VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936] VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\windows\System32\acaptuser32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] 
@="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x] R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-22 43944] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-22 29472] R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-12-23 122880] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-02-20 91504] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 746864] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1343400] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336] R4 
SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-02-09 22536] R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936] S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 23712] S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 Oasis2Service;Oasis2Service;c:\program files\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-25 46080] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2010-03-01 133664] S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056] S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520] S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008] S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336] S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776] S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416] S3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-02-15 68144] 
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408] S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-01-12 648832] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-01-21 9344] S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 222064] S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-01-22 14720] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 513392] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-01-20 316416] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2011-02-23 c:\windows\Tasks\ARO 2011.job - c:\program files\ARO 2011\ARO.exe [2011-02-23 16:13] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(3616) c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\WUDFHost.exe c:\windows\system32\taskhost.exe c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Sophos\AutoUpdate\ALsvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Sony\VAIO Care\VCSpt.exe c:\program files\Sony\VAIO Power Management\SPMgr.exe c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\windows\system32\DllHost.exe c:\program files\Sony\VAIO Event Service\VESMgrSub.exe c:\windows\system32\conhost.exe c:\program files\Sony\VAIO Care\VCsystray.exe c:\windows\system32\sppsvc.exe c:\windows\System32\vds.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2011-02-25 12:34:44 - machine was rebooted ComboFix-quarantined-files.txt 2011-02-25 19:34 ComboFix2.txt 2011-02-24 22:29 Pre-Run: 72,660,197,376 bytes free Post-Run: 72,483,360,768 bytes free - - End Of File - - 915023EFB939C54D6F59AC1820E09324
  7. There you go, and thanks again!!

File name: userinit.exe
Submission date: 2011-02-25 18:12:01 (UTC)
Current status: queued (#9) queued (#10) analysing finished
Result: 0/ 43 (0.0%)

AhnLab-V3 2011.02.25.00 2011.02.24 -
AntiVir 7.11.3.240 2011.02.25 -
Antiy-AVL 2.0.3.7 2011.02.25 -
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.02.23 -
AVG 10.0.0.1190 2011.02.25 -
BitDefender 7.2 2011.02.25 -
CAT-QuickHeal 11.00 2011.02.25 -
ClamAV 0.96.4.0 2011.02.25 -
Commtouch 5.2.11.5 2011.02.25 -
Comodo 7809 2011.02.25 -
DrWeb 5.0.2.03300 2011.02.25 -
Emsisoft 5.1.0.2 2011.02.25 -
eSafe 7.0.17.0 2011.02.24 -
eTrust-Vet 36.1.8183 2011.02.25 -
F-Prot 4.6.2.117 2011.02.24 -
F-Secure 9.0.16160.0 2011.02.25 -
Fortinet 4.2.254.0 2011.02.25 -
GData 21 2011.02.25 -
Ikarus T3.1.1.97.0 2011.02.25 -
Jiangmin 13.0.900 2011.02.25 -
K7AntiVirus 9.90.3967 2011.02.25 -
Kaspersky 7.0.0.125 2011.02.25 -
McAfee 5.400.0.1158 2011.02.25 -
McAfee-GW-Edition 2010.1C 2011.02.25 -
Microsoft 1.6603 2011.02.25 -
NOD32 5908 2011.02.25 -
Norman 6.07.03 2011.02.25 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.25 -
PCTools 7.0.3.5 2011.02.25 -
Prevx 3.0 2011.02.25 -
Rising 23.46.04.05 2011.02.25 -
Sophos 4.61.0 2011.02.25 -
SUPERAntiSpyware 4.40.0.1006 2011.02.25 -
Symantec 20101.3.0.103 2011.02.25 -
TheHacker 6.7.0.1.139 2011.02.25 -
TrendMicro 9.200.0.1012 2011.02.25 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.25 -
VBA32 3.12.14.3 2011.02.25 -
VIPRE 8534 2011.02.25 -
ViRobot 2011.2.25.4329 2011.02.25 -
VirusBuster 13.6.220.0 2011.02.25 -

Additional information
MD5 : 6de80f60d7de9ce6b8c2ddfdf79ef175
SHA1 : 8d439a6186ff526403989ac217dfe8e3a2d8bc2c
SHA256: 7784a6cada74e314e7d79573ad9e490f4a36e0deb86c07732a75856a7e8f1e3a
ssdeep: 384:Oj+CsDNjesrHdlvJhRLYZpgKeGf5F/hyWeR22PXG/7LKpuZeRsJCKWuVymWB:OxstZlRhNY ZpgpuFeR22vo7L3O1
File size : 26112 bytes
First seen: 2009-08-11 16:56:55
Last seen : 2011-02-25 18:12:01

TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Userinit Logon Application
original name: USERINIT.EXE
internal name: userinit
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x2B4E
timedatestamp....: 0x4A5BC47B (Mon Jul 13 23:34:19 2009)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x4CC9, 0x4E00, 6.08, 42103130bcecb40c949779c1a865ac9a
.data, 0x6000, 0x4E8, 0x600, 0.87, 33d7907333f0fbf9350ce65ced1af048
.rsrc, 0x7000, 0x778, 0x800, 4.05, cb2b29ba8fea6ee6f3666d8bf554071f
.reloc, 0x8000, 0x410, 0x600, 5.22, ae619042157784c4e0538bf811d6d473
[[ 7 import(s) ]]
ntdll.dll: DbgPrint, RtlInitUnicodeString, NtOpenKey, NtClose
API_MS_Win_Core_LocalRegistry_L1_1_0.dll: RegCreateKeyExW, RegDeleteTreeW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegQueryInfoKeyW
API_MS_Win_Core_ProcessThreads_L1_1_0.dll: SetThreadPriority, GetCurrentThread, CreateThread, GetCurrentProcess, CreateProcessW, OpenProcessToken
USER32.dll: CharNextW, GetKeyboardLayout, GetSystemMetrics, ExitWindowsEx, MessageBoxW, LoadStringW, LoadRemoteFonts, DefWindowProcW, RegisterClassExW, DestroyWindow, CreateWindowExW, SystemParametersInfoW
USERENV.dll: -
msvcrt.dll: _ismbblead, _XcptFilter, _exit, _cexit, exit, _wcsicmp, memset, memmove, _vsnwprintf, _initterm, _acmdln, _amsg_exit, __setusermatherr, __p__fmode, __set_app_type, _terminate@@YAXXZ, _except_handler4_common, _controlfp, __getmainargs, __p__commode
KERNEL32.dll: GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedExchange, LoadLibraryA, RegOpenKeyExA, RegQueryValueExA, ExpandEnvironmentStringsA, LoadLibraryExA, InterlockedCompareExchange, DelayLoadFailureHook, HeapSetInformation, SetCurrentDirectoryW, FormatMessageW, GetFileAttributesExW, GetSystemDirectoryW, SetLastError, ExpandEnvironmentStringsW, GetUserDefaultLangID, SetEvent, OpenEventW, Sleep, WaitForSingleObject, CloseHandle, GetLastError, SetEnvironmentVariableW, SearchPathW, GetCurrentThreadId, CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, GetEnvironmentVariableW, LocalAlloc, LocalFree, GetVersionExW, lstrlenW

ExifTool: file metadata
CharacterSet: Unicode
CodeSize: 19968
CompanyName: Microsoft Corporation
EntryPoint: 0x2b4e
FileDescription: Userinit Logon Application
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 26 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 6.1.7600.16385
ImageVersion: 6.1
InitializedDataSize: 5120
InternalName: userinit
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Executable application
OriginalFilename: USERINIT.EXE
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.1.7600.16385
ProductVersionNumber: 6.1.7600.16385
Subsystem: Windows GUI
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 01:34:19+02:00
UninitializedDataSize: 0
  8. OK, so after an hour, I just turned my computer off and on, and ComboFix picked up where it left off. The log is below. Thank you.

ComboFix 11-02-24.01 - Rivka 02/24/2011 14:03:46.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.652 [GMT -7:00]
Running from: c:\users\Rivka\Desktop\Combo-Fix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\users\Rivka\AppData\Local\ie_runner_app.exe
c:\users\Rivka\AppData\Roaming\Config
c:\windows\system32\bin
c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll
c:\windows\system32\userinit.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.
2011-02-24 21:19 . 2011-02-24 22:24 -------- d-----w- c:\users\Rivka\AppData\Local\temp
2011-02-24 21:19 . 2011-02-24 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-24 18:57 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A3992D1-1DC2-4041-B9AE-2023BEDBE8C4}\mpengine.dll
2011-02-23 15:42 . 2011-02-23 15:42 -------- d-----w- c:\users\Rivka\AppData\Roaming\Log
2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\users\Rivka\AppData\Roaming\Malwarebytes
2011-02-23 01:50 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\programdata\Malwarebytes
2011-02-23 01:49 . 2011-02-23 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 01:49 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 01:31 . 2011-02-23 01:31 -------- d-----w- c:\users\Rivka\AppData\Roaming\Sammsoft
2011-02-23 01:30 . 2011-02-23 14:00 -------- d-----w- c:\program files\ARO 2011
2011-02-22 20:10 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-02-22 20:08 . 2011-02-22 20:08 -------- d-----w- c:\users\Rivka\AppData\Local\Sophos
2011-02-22 20:07 . 2010-09-23 01:47 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-22 19:44 . 2011-02-22 19:44 -------- d-----w- C:\A9R8787.tmp
2011-02-22 19:22 . 2011-02-22 19:57 -------- d-----w- c:\programdata\fEhPmMp08200
2011-02-17 20:58 . 2011-02-17 20:58 -------- d-----w- c:\users\Rivka\AppData\Local\ElevatedDiagnostics
2011-02-15 16:33 . 2011-02-15 16:33 256 ----a-w- c:\windows\system32\pool.bin
2011-02-15 16:13 . 2009-01-09 23:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2011-02-15 16:12 . 2011-02-15 22:32 -------- d-----w- c:\program files\Research In Motion
2011-02-10 03:16 . 2011-02-16 20:32 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-03 20:47 . 2011-02-03 21:06 -------- d-----w- c:\users\Rivka\AppData\Roaming\Auslogics
2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\users\Rivka\AppData\Roaming\upromise
2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\program files\Upromise
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-13 21:19 . 2010-12-24 16:12 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2011-02-01 15:28 . 2010-12-24 16:12 88 --sh--r- c:\programdata\46BD3B2112.sys
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTRK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTHA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrNLD.lrc
2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrITA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrHUN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrFRA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrRUS.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTG.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPLK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrSVE.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrNOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrFIN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 204800 ----a-w- c:\windows\system32\igfxrTRK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 196608 ----a-w- c:\windows\system32\igfxrTHA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 188416 ----a-w- c:\windows\system32\igfxrHEB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrKOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrJPN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressSVE.lrc
2011-01-12 19:54 . 2010-03-05 02:04 502296 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-01-12 19:54 . 2010-03-05 02:04 45056 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-01-12 19:54 . 2010-03-05 02:04 137752 ----a-w- c:\windows\system32\igfxtray.exe
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTG.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPLK.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressHUN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressESP.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressHEB.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressFRA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressJPN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressITA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressKOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressDEU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressRUS.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNOR.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNLD.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressDAN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressCSY.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressFIN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressENU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressELL.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHT.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHS.lrc
2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressARA.lrc
2011-01-12 19:54 . 2010-03-05 02:04 3334144 ----a-w- c:\windows\system32\igfxress.dll
2011-01-12 19:54 . 2011-01-12 19:54 895512 ----a-w- c:\windows\system32\igfxcfg.exe
2011-01-12 19:54 . 2011-01-12 19:54 648832 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2011-01-12 19:54 . 2011-01-12 19:54 327680 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-01-12 19:54 . 2011-01-12 19:54 307200 ----a-w- c:\windows\system32\igfxdo.dll
2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxres.dll
2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxrENU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrELL.lrc
2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrDEU.lrc
2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrESP.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrDAN.lrc
2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrCSY.lrc
2011-01-12 19:54 . 2011-01-12 19:54 200704 ----a-w- c:\windows\system32\igfxpph.dll
2011-01-12 19:54 . 2011-01-12 19:54 192512 ----a-w- c:\windows\system32\igfxrARA.lrc
2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHT.lrc
2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHS.lrc
2011-01-12 19:54 . 2010-08-06 12:45 977432 ----a-w- c:\windows\system32\lpgun.exe
2011-01-12 19:54 . 2010-03-05 02:04 350744 ----a-w- c:\windows\system32\hkcmd.exe
2011-01-12 19:54 . 2010-03-05 02:04 258048 ----a-w- c:\windows\system32\hccutils.dll
2011-01-12 19:54 . 2010-03-05 02:04 23040 ----a-w- c:\windows\system32\IgfxExtps.dll
2011-01-12 19:54 . 2010-03-05 02:04 174616 ----a-w- c:\windows\system32\IgfxExt.exe
2011-01-12 19:54 . 2010-03-05 02:04 1418752 ----a-w- c:\windows\system32\igdumd32.dll
2010-12-23 16:29 . 2002-02-10 08:00 72748 ----a-w- c:\windows\unins000.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2010-12-02 175800]
"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2010-12-14 241360]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-07-28 526992]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-01 8505888]
"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil.exe" [2010-03-01 358944]
"SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-12 350744]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\users\Rivka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
Dropbox.lnk - c:\users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-22 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-22 29472]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-12-23 122880]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-02-20 91504]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 746864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-02-09 22536]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 23712]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Oasis2Service;Oasis2Service;c:\program files\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-25 46080]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2010-03-01 133664]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]
S3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-02-15 68144]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-01-12 648832]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-01-21 9344]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 222064]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-01-22 14720]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 513392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-01-20 316416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2011-02-23 c:\windows\Tasks\ARO 2011.job
- c:\program files\ARO 2011\ARO.exe [2011-02-23 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ApMain - %ProgramFiles%\AlpsPoint\ApMain.exe

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(252)
c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\conhost.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
c:\windows\System32\vds.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-02-24 15:29:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-24 22:29

Pre-Run: 72,682,721,280 bytes free
Post-Run: 73,038,438,400 bytes free

- - End Of File - - 8DF74A9A507221C0C1F1D211A5FFAFE9

AND

DDS (Ver_10-12-12.02) - NTFSx86
Run by Rivka at 15:43:38.97 on Thu 02/24/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.727 [GMT -7:00]

AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Realtek\Audio\HDA\vncutil.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Upromise\dca-ua.exe
C:\Program Files\Upromise\UpromiseTray.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DDNi\Oasis\Delay.exe
C:\Users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\DDNi\Oasis\Delay.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rivka\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [upromise Update] c:\program files\upromise\dca-ua.exe
uRun: [upromise Tray] c:\program files\upromise\UpromiseTray.exe
uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [vncutil] c:\program files\realtek\audio\hda\vncutil.exe
mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rivka\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: c:\progra~1\sophos\sophos~1\sophos_detoured.dll c:\windows\system32\acaptuser32.dll

============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2010-4-6 23712]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-12-23 122360]
R1 vwififlt;Virtual WiFi 
Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992] R2 Oasis2Service;Oasis2Service;c:\program files\ddni\oasis2service 1.0\Oasis2Service.exe [2010-6-24 46080] R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2010-8-6 133664] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056] R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520] R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640] R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008] R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2010-8-6 104960] R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2010-3-18 852336] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-2-19 529776] R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-2-19 386416] R3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-2-25 68144] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-8-6 17408] R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2011-1-12 648832] R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\microsoft sql server\mssql10.ddni\mssql\binn\sqlservr.exe [2009-3-30 43010392] R3 SFEP;Sony Firmware 
Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-4-6 9344] R3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2010-2-8 222064] R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-4-6 14720] R3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-8-6 513392] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-4-6 316416] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-2-8 43944] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-6 29472] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-8-6 122880] S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-8-6 108400] S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-8-6 422768] S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-8-6 67952] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-2-19 91504] S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-12-23 746864] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe 
[2010-12-23 1343400] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-12-23 22536] S4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\microsoft sql server\mssql10.ddni\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] =============== Created Last 30 ================ 2011-02-24 22:34:09 276992 ----a-w- c:\windows\system32\wcncsvc.dll 2011-02-24 22:27:57 -------- d-sh--w- C:\$RECYCLE.BIN 2011-02-24 21:19:46 -------- d-----w- c:\users\rivka\appdata\local\temp 2011-02-24 21:00:09 89088 ----a-w- c:\windows\MBR.exe 2011-02-24 21:00:04 256512 ----a-w- c:\windows\PEV.exe 2011-02-24 21:00:03 161792 ----a-w- c:\windows\SWREG.exe 2011-02-24 21:00:01 98816 ----a-w- c:\windows\sed.exe 2011-02-24 18:59:47 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2011-02-24 18:59:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-24 18:57:51 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8a3992d1-1dc2-4041-b9ae-2023bedbe8c4}\mpengine.dll 2011-02-23 15:42:51 -------- d-----w- c:\users\rivka\appdata\roaming\Log 2011-02-23 01:50:28 -------- d-----w- c:\users\rivka\appdata\roaming\Malwarebytes 2011-02-23 01:50:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-23 01:50:02 -------- d-----w- c:\progra~2\Malwarebytes 2011-02-23 01:49:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-23 01:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-23 01:31:16 -------- d-----w- c:\users\rivka\appdata\roaming\Sammsoft 2011-02-23 01:30:35 -------- d-----w- c:\program files\ARO 2011 2011-02-22 20:10:43 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2011-02-22 20:08:28 -------- d-----w- c:\users\rivka\appdata\local\Sophos 2011-02-22 
20:07:53 112056 ----a-w- c:\windows\system32\acaptuser32.dll 2011-02-22 19:22:13 -------- d-----w- c:\progra~2\fEhPmMp08200 2011-02-17 20:58:27 -------- d-----w- c:\users\rivka\appdata\local\ElevatedDiagnostics 2011-02-15 16:33:49 256 ----a-w- c:\windows\system32\pool.bin 2011-02-15 16:13:58 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys 2011-02-15 16:12:18 -------- d-----w- c:\program files\Research In Motion 2011-02-03 20:47:18 -------- d-----w- c:\users\rivka\appdata\roaming\Auslogics 2011-02-01 16:57:10 -------- d-----w- c:\users\rivka\appdata\roaming\upromise 2011-02-01 16:57:10 -------- d-----w- c:\program files\Upromise ==================== Find3M ==================== 2011-02-13 21:19:38 2516 --sha-w- c:\progra~2\KGyGaAvL.sys 2011-02-01 15:28:28 88 --sh--r- c:\progra~2\46BD3B2112.sys 2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll 2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys 2010-12-23 16:29:16 72748 ----a-w- c:\windows\unins000.exe 2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll 2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll 2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll 2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll 2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll 2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll 2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll 2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll 2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll 2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll 2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll 2010-12-18 04:20:55 386048 ----a-w- 
c:\windows\system32\html.iec 2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb ============= FINISH: 15:45:15.89 ===============
  9. Hi there, Combo-Fix has been running fine (I followed all instructions). It did find an infected file, but now it has been stuck at "rebooting windows...please wait" for what seems like 20 min... What do I do?? I did not double click in the windows.. I am writing this from a different computer. Thanks,
  10. There you go, as instructed, thank you. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5871 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 2/24/2011 12:10:23 PM mbam-log-2011-02-24 (12-10-23).txt Scan type: Quick scan Objects scanned: 150467 Time elapsed: 12 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) AND DDS (Ver_10-12-12.02) - NTFSx86 Run by Rivka at 12:13:20.11 on Thu 02/24/2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.364 [GMT -7:00] AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C} SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k 
LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\System32\svchost.exe -k Akamai C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\DDNi\Oasis2Service 1.0\Oasis2Service.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe C:\Windows\system32\taskeng.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe C:\Program Files\Sony\VAIO Care\VCSpt.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe C:\Windows\system32\DllHost.exe C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\vncutil.exe C:\Program Files\AlpsPoint\ApMain.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Windows\System32\igfxtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\AlpsPoint\ApMsgFwd.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Upromise\dca-ua.exe C:\Windows\system32\SearchIndexer.exe C:\Program 
Files\Upromise\UpromiseTray.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Sony\VAIO Care\VCsystray.exe C:\Users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\vds.exe C:\Program Files\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\DDNI\Oasis\VAIO Messenger.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe C:\Program Files\Sony\VAIO Event Service\VESGfxMgr.exe C:\Windows\system32\IgfxExt.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Microsoft Office\Office14\EXCEL.EXE C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe 
C:\Windows\system32\SearchFilterHost.exe C:\Users\Rivka\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://sony.msn.com uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" uRun: [upromise Update] c:\program files\upromise\dca-ua.exe uRun: [upromise Tray] c:\program files\upromise\UpromiseTray.exe uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup mRun: [RtHDVCpl] c:\program 
files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [vncutil] c:\program files\realtek\audio\hda\vncutil.exe mRun: [ApMain] %ProgramFiles%\AlpsPoint\ApMain.exe mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe" mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [igfxExt] c:\windows\system32\IgfxExt.exe /RegServer mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rivka\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe 
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll LSP: c:\programdata\sophos web intelligence\swi_lsp.dll DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL acaptuser32.dll ============= SERVICES / DRIVERS =============== R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2010-4-6 23712] R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-12-23 122360] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992] R2 Oasis2Service;Oasis2Service;c:\program files\ddni\oasis2service 1.0\Oasis2Service.exe [2010-6-24 46080] R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2010-8-6 133664] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056] R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520] R2 Sophos AutoUpdate 
Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640] R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008] R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2010-8-6 104960] R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2010-3-18 852336] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-2-19 529776] R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-2-19 386416] R3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-2-25 68144] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-8-6 17408] R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2011-1-12 648832] R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\microsoft sql server\mssql10.ddni\mssql\binn\sqlservr.exe [2009-3-30 43010392] R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-4-6 9344] R3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2010-2-8 222064] R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-4-6 14720] R3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-8-6 513392] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell 
Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-4-6 316416] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-2-8 43944] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-6 29472] S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-8-6 122880] S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-8-6 108400] S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-8-6 422768] S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-8-6 67952] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-2-19 91504] S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-12-23 746864] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-23 1343400] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-12-23 22536] S4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\microsoft sql server\mssql10.ddni\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] =============== Created Last 30 ================ 2011-02-24 18:57:51 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition 
updates\{8a3992d1-1dc2-4041-b9ae-2023bedbe8c4}\mpengine.dll 2011-02-23 15:42:51 -------- d-----w- c:\users\rivka\appdata\roaming\Log 2011-02-23 15:42:51 -------- d-----w- c:\users\rivka\appdata\roaming\Config 2011-02-23 01:50:28 -------- d-----w- c:\users\rivka\appdata\roaming\Malwarebytes 2011-02-23 01:50:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-23 01:50:02 -------- d-----w- c:\progra~2\Malwarebytes 2011-02-23 01:49:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-23 01:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-23 01:31:16 -------- d-----w- c:\users\rivka\appdata\roaming\Sammsoft 2011-02-23 01:30:35 -------- d-----w- c:\program files\ARO 2011 2011-02-22 20:10:43 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2011-02-22 20:08:28 -------- d-----w- c:\users\rivka\appdata\local\Sophos 2011-02-22 20:07:53 112056 ----a-w- c:\windows\system32\acaptuser32.dll 2011-02-22 19:44:29 -------- d-----w- C:\A9R8787.tmp 2011-02-22 19:22:13 -------- d-----w- c:\progra~2\fEhPmMp08200 2011-02-17 20:58:27 -------- d-----w- c:\users\rivka\appdata\local\ElevatedDiagnostics 2011-02-15 16:33:49 256 ----a-w- c:\windows\system32\pool.bin 2011-02-15 16:13:58 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys 2011-02-15 16:12:18 -------- d-----w- c:\program files\Research In Motion 2011-02-03 20:47:18 -------- d-----w- c:\users\rivka\appdata\roaming\Auslogics 2011-02-01 16:57:10 -------- d-----w- c:\users\rivka\appdata\roaming\upromise 2011-02-01 16:57:10 -------- d-----w- c:\program files\Upromise ==================== Find3M ==================== 2011-02-13 21:19:38 2516 --sha-w- c:\progra~2\KGyGaAvL.sys 2011-02-01 15:28:28 88 --sh--r- c:\progra~2\46BD3B2112.sys 2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll 2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 03:37:38 2329088 ----a-w- 
c:\windows\system32\win32k.sys 2010-12-23 16:29:16 72748 ----a-w- c:\windows\unins000.exe 2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll 2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll 2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll 2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll 2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll 2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll 2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll 2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll 2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll 2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll 2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll 2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec 2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb ============= FINISH: 12:15:12.91 ===============
  11. ok, there you go: 2011/02/24 08:16:06.0824 7864 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08 2011/02/24 08:16:07.0355 7864 ================================================================================ 2011/02/24 08:16:07.0355 7864 SystemInfo: 2011/02/24 08:16:07.0355 7864 2011/02/24 08:16:07.0355 7864 OS Version: 6.1.7600 ServicePack: 0.0 2011/02/24 08:16:07.0355 7864 Product type: Workstation 2011/02/24 08:16:07.0355 7864 ComputerName: RIVKA-VAIO 2011/02/24 08:16:07.0355 7864 UserName: Rivka 2011/02/24 08:16:07.0355 7864 Windows directory: C:\Windows 2011/02/24 08:16:07.0355 7864 System windows directory: C:\Windows 2011/02/24 08:16:07.0355 7864 Processor architecture: Intel x86 2011/02/24 08:16:07.0355 7864 Number of processors: 2 2011/02/24 08:16:07.0355 7864 Page size: 0x1000 2011/02/24 08:16:07.0355 7864 Boot type: Normal boot 2011/02/24 08:16:07.0355 7864 ================================================================================ 2011/02/24 08:16:08.0681 7864 Initialize success 2011/02/24 08:16:10.0849 7960 ================================================================================ 2011/02/24 08:16:10.0849 7960 Scan started 2011/02/24 08:16:10.0849 7960 Mode: Manual; 2011/02/24 08:16:10.0849 7960 ================================================================================ 2011/02/24 08:16:11.0629 7960 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\drivers\1394ohci.sys 2011/02/24 08:16:12.0643 7960 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\drivers\ACPI.sys 2011/02/24 08:16:12.0784 7960 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\drivers\acpipmi.sys 2011/02/24 08:16:12.0924 7960 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys 2011/02/24 08:16:13.0049 7960 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys 2011/02/24 08:16:13.0174 7960 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) 
C:\Windows\system32\drivers\adpu320.sys 2011/02/24 08:16:13.0376 7960 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2011/02/24 08:16:13.0532 7960 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 2011/02/24 08:16:13.0704 7960 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys 2011/02/24 08:16:13.0891 7960 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 2011/02/24 08:16:14.0078 7960 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 2011/02/24 08:16:14.0234 7960 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 2011/02/24 08:16:14.0422 7960 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys 2011/02/24 08:16:15.0420 7960 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys 2011/02/24 08:16:16.0450 7960 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\drivers\amdsata.sys 2011/02/24 08:16:16.0606 7960 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys 2011/02/24 08:16:16.0808 7960 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\drivers\amdxata.sys 2011/02/24 08:16:16.0918 7960 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2011/02/24 08:16:17.0354 7960 ApPS2 (ae56530ed201895aeb194d53a4ee29bd) C:\Windows\system32\drivers\ApPS2.sys 2011/02/24 08:16:17.0557 7960 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys 2011/02/24 08:16:17.0713 7960 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys 2011/02/24 08:16:17.0916 7960 ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys 2011/02/24 08:16:18.0072 7960 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/02/24 08:16:18.0275 7960 atapi 
(338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 2011/02/24 08:16:18.0400 7960 athr (5ce5e9336dfa9515fa52b708bff40c3d) C:\Windows\system32\DRIVERS\athr.sys 2011/02/24 08:16:18.0665 7960 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys 2011/02/24 08:16:18.0836 7960 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/02/24 08:16:19.0117 7960 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/02/24 08:16:19.0382 7960 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\drivers\blbdrive.sys 2011/02/24 08:16:19.0538 7960 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys 2011/02/24 08:16:19.0679 7960 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys 2011/02/24 08:16:19.0882 7960 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys 2011/02/24 08:16:20.0116 7960 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/02/24 08:16:20.0287 7960 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/02/24 08:16:20.0459 7960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/02/24 08:16:20.0615 7960 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/02/24 08:16:20.0771 7960 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/02/24 08:16:20.0911 7960 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys 2011/02/24 08:16:21.0067 7960 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys 2011/02/24 08:16:21.0223 7960 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys 2011/02/24 08:16:21.0426 7960 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys 
2011/02/24 08:16:21.0566 7960 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\Windows\system32\drivers\btusbflt.sys 2011/02/24 08:16:21.0754 7960 btwaudio (ce5833c144ca6623bcbde93b188aa850) C:\Windows\system32\drivers\btwaudio.sys 2011/02/24 08:16:21.0910 7960 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\drivers\btwavdt.sys 2011/02/24 08:16:22.0050 7960 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys 2011/02/24 08:16:22.0222 7960 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys 2011/02/24 08:16:22.0456 7960 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/02/24 08:16:22.0627 7960 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 2011/02/24 08:16:22.0830 7960 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys 2011/02/24 08:16:22.0986 7960 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/02/24 08:16:23.0220 7960 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys 2011/02/24 08:16:23.0360 7960 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 2011/02/24 08:16:23.0579 7960 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/02/24 08:16:23.0766 7960 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys 2011/02/24 08:16:23.0906 7960 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\drivers\CompositeBus.sys 2011/02/24 08:16:24.0094 7960 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys 2011/02/24 08:16:24.0421 7960 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2011/02/24 08:16:24.0624 7960 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/02/24 08:16:24.0796 7960 Disk (565003f326f99802e68ca78f2a68e9ff) 
C:\Windows\system32\drivers\disk.sys 2011/02/24 08:16:25.0092 7960 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/02/24 08:16:25.0279 7960 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 2011/02/24 08:16:25.0685 7960 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys 2011/02/24 08:16:26.0090 7960 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys 2011/02/24 08:16:26.0215 7960 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 2011/02/24 08:16:26.0496 7960 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/02/24 08:16:26.0808 7960 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/02/24 08:16:27.0042 7960 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys 2011/02/24 08:16:27.0416 7960 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/02/24 08:16:27.0557 7960 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/02/24 08:16:27.0822 7960 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys 2011/02/24 08:16:27.0994 7960 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/02/24 08:16:28.0228 7960 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/02/24 08:16:28.0368 7960 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/02/24 08:16:28.0540 7960 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\Windows\system32\drivers\ftdibus.sys 2011/02/24 08:16:28.0805 7960 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\Windows\system32\drivers\ftser2k.sys 2011/02/24 08:16:28.0976 7960 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2011/02/24 08:16:29.0179 7960 gagp30kx 
(65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys 2011/02/24 08:16:29.0366 7960 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/02/24 08:16:29.0522 7960 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2011/02/24 08:16:29.0694 7960 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\drivers\HDAudBus.sys 2011/02/24 08:16:29.0959 7960 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys 2011/02/24 08:16:30.0100 7960 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys 2011/02/24 08:16:30.0240 7960 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys 2011/02/24 08:16:30.0427 7960 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/02/24 08:16:30.0786 7960 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 2011/02/24 08:16:31.0114 7960 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/02/24 08:16:31.0394 7960 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/02/24 08:16:32.0112 7960 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 2011/02/24 08:16:32.0424 7960 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\drivers\iaStorV.sys 2011/02/24 08:16:32.0861 7960 igd (6b432a8519e36aa9da302a8b4b016afa) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/02/24 08:16:33.0064 7960 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys 2011/02/24 08:16:33.0360 7960 IntcAzAudAddService (b68a9bad1b7c1453ef063c09ebd95c2e) C:\Windows\system32\drivers\RTKVHDA.sys 2011/02/24 08:16:33.0812 7960 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 2011/02/24 08:16:34.0056 7960 intelppm (3b514d27bfc4accb4037bc6685f766e0) 
C:\Windows\system32\drivers\intelppm.sys 2011/02/24 08:16:35.0065 7960 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/02/24 08:16:35.0225 7960 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\drivers\IPMIDrv.sys 2011/02/24 08:16:35.0419 7960 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/02/24 08:16:35.0580 7960 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/02/24 08:16:35.0750 7960 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 2011/02/24 08:16:35.0889 7960 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\drivers\msiscsi.sys 2011/02/24 08:16:36.0871 7960 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/02/24 08:16:37.0059 7960 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/02/24 08:16:37.0277 7960 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/02/24 08:16:37.0776 7960 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2011/02/24 08:16:38.0151 7960 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/02/24 08:16:38.0541 7960 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys 2011/02/24 08:16:38.0712 7960 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys 2011/02/24 08:16:38.0931 7960 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys 2011/02/24 08:16:39.0149 7960 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys 2011/02/24 08:16:39.0305 7960 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/02/24 08:16:39.0508 7960 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys 2011/02/24 08:16:39.0648 7960 MegaSR 
(dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys 2011/02/24 08:16:39.0820 7960 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/02/24 08:16:39.0991 7960 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/02/24 08:16:40.0163 7960 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/02/24 08:16:40.0288 7960 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/02/24 08:16:40.0475 7960 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/02/24 08:16:40.0615 7960 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\drivers\mpio.sys 2011/02/24 08:16:40.0771 7960 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/02/24 08:16:41.0021 7960 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/02/24 08:16:41.0193 7960 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/02/24 08:16:41.0333 7960 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/02/24 08:16:41.0473 7960 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/02/24 08:16:41.0614 7960 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\drivers\msahci.sys 2011/02/24 08:16:41.0801 7960 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\drivers\msdsm.sys 2011/02/24 08:16:42.0019 7960 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/02/24 08:16:42.0160 7960 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/02/24 08:16:42.0347 7960 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 2011/02/24 08:16:42.0628 7960 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/02/24 
08:16:42.0799 7960 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/02/24 08:16:42.0971 7960 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/02/24 08:16:43.0143 7960 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/02/24 08:16:43.0314 7960 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 2011/02/24 08:16:43.0517 7960 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/02/24 08:16:43.0673 7960 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys 2011/02/24 08:16:43.0860 7960 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/02/24 08:16:44.0094 7960 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/02/24 08:16:44.0313 7960 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/02/24 08:16:44.0484 7960 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/02/24 08:16:44.0656 7960 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/02/24 08:16:44.0843 7960 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/02/24 08:16:45.0015 7960 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/02/24 08:16:45.0186 7960 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/02/24 08:16:45.0358 7960 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/02/24 08:16:45.0529 7960 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/02/24 08:16:45.0857 7960 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys 2011/02/24 08:16:46.0075 7960 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 
2011/02/24 08:16:46.0216 7960 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/02/24 08:16:46.0450 7960 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2011/02/24 08:16:46.0653 7960 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/02/24 08:16:46.0824 7960 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\drivers\nvraid.sys 2011/02/24 08:16:47.0027 7960 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\drivers\nvstor.sys 2011/02/24 08:16:47.0261 7960 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 2011/02/24 08:16:47.0464 7960 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 2011/02/24 08:16:48.0618 7960 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys 2011/02/24 08:16:48.0743 7960 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/02/24 08:16:48.0883 7960 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys 2011/02/24 08:16:49.0071 7960 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\drivers\pci.sys 2011/02/24 08:16:49.0211 7960 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 2011/02/24 08:16:49.0445 7960 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys 2011/02/24 08:16:49.0819 7960 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/02/24 08:16:49.0975 7960 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/02/24 08:16:50.0818 7960 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/02/24 08:16:50.0974 7960 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys 2011/02/24 08:16:52.0191 7960 Psched (6270ccae2a86de6d146529fe55b3246a) 
C:\Windows\system32\DRIVERS\pacer.sys 2011/02/24 08:16:52.0440 7960 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys 2011/02/24 08:16:52.0627 7960 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys 2011/02/24 08:16:53.0641 7960 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/02/24 08:16:53.0751 7960 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/02/24 08:16:53.0860 7960 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/02/24 08:16:54.0047 7960 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/02/24 08:16:54.0203 7960 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/02/24 08:16:54.0328 7960 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/02/24 08:16:54.0453 7960 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/02/24 08:16:54.0609 7960 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys 2011/02/24 08:16:54.0796 7960 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/02/24 08:16:54.0967 7960 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/02/24 08:16:55.0155 7960 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/02/24 08:16:55.0311 7960 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/02/24 08:16:55.0451 7960 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2011/02/24 08:16:55.0638 7960 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/02/24 08:16:55.0763 7960 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\Windows\system32\Drivers\RimUsb.sys 2011/02/24 08:16:55.0903 7960 RimVSerPort 
(2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys 2011/02/24 08:16:56.0059 7960 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys 2011/02/24 08:16:56.0247 7960 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys 2011/02/24 08:16:56.0699 7960 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/02/24 08:16:56.0933 7960 SAVOnAccess (ae668d3f43fc90bc17f62e08ff82a446) C:\Windows\system32\DRIVERS\savonaccess.sys 2011/02/24 08:16:57.0089 7960 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\drivers\sbp2port.sys 2011/02/24 08:16:57.0261 7960 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/02/24 08:16:57.0495 7960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/02/24 08:16:57.0729 7960 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/02/24 08:16:57.0853 7960 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys 2011/02/24 08:16:57.0978 7960 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys 2011/02/24 08:16:58.0165 7960 SFEP (dcaff7089185e6461b92d3d3a17ba295) C:\Windows\system32\drivers\SFEP.sys 2011/02/24 08:16:58.0306 7960 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2011/02/24 08:16:58.0431 7960 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/02/24 08:16:58.0602 7960 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\drivers\sffp_sd.sys 2011/02/24 08:16:58.0711 7960 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys 2011/02/24 08:16:58.0945 7960 shpf (0e0e7ecaf83f793effa080685e24d2db) C:\Windows\system32\DRIVERS\shpf.sys 2011/02/24 08:16:59.0257 7960 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 
2011/02/24 08:16:59.0382 7960 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys 2011/02/24 08:16:59.0523 7960 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys 2011/02/24 08:16:59.0663 7960 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/02/24 08:16:59.0913 7960 SophosBootDriver (f2b7bd04146b3e6a895a1919e1f5da89) C:\Windows\system32\DRIVERS\SophosBootDriver.sys 2011/02/24 08:17:00.0100 7960 SPI (fa3daa12247ea580b2c6c37bd4933ea1) C:\Windows\system32\drivers\SonyPI.sys 2011/02/24 08:17:00.0271 7960 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/02/24 08:17:00.0568 7960 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2011/02/24 08:17:00.0708 7960 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2011/02/24 08:17:00.0864 7960 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2011/02/24 08:17:01.0036 7960 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys 2011/02/24 08:17:01.0239 7960 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 2011/02/24 08:17:01.0753 7960 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2011/02/24 08:17:02.0003 7960 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2011/02/24 08:17:02.0128 7960 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/02/24 08:17:02.0299 7960 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/02/24 08:17:02.0424 7960 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/02/24 08:17:02.0549 7960 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/02/24 08:17:02.0689 7960 TermDD (c36f41ee20e6999dbf4b0425963268a5) 
C:\Windows\system32\drivers\termdd.sys 2011/02/24 08:17:03.0048 7960 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/02/24 08:17:03.0204 7960 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/02/24 08:17:03.0360 7960 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys 2011/02/24 08:17:03.0563 7960 udfs (6557d75e8b7d6a06cdc21cd39dbf255c) C:\Windows\system32\DRIVERS\udfs.sys 2011/02/24 08:17:03.0781 7960 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 2011/02/24 08:17:03.0922 7960 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/02/24 08:17:04.0078 7960 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys 2011/02/24 08:17:04.0296 7960 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/02/24 08:17:04.0421 7960 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 2011/02/24 08:17:04.0593 7960 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\drivers\usbehci.sys 2011/02/24 08:17:04.0749 7960 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/02/24 08:17:04.0905 7960 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys 2011/02/24 08:17:05.0076 7960 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/02/24 08:17:05.0217 7960 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 2011/02/24 08:17:05.0341 7960 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/02/24 08:17:05.0482 7960 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys 2011/02/24 08:17:05.0607 7960 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys 2011/02/24 08:17:06.0012 7960 vdrvroot 
(a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 2011/02/24 08:17:06.0168 7960 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/02/24 08:17:06.0309 7960 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/02/24 08:17:06.0449 7960 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\drivers\vhdmp.sys 2011/02/24 08:17:06.0574 7960 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 2011/02/24 08:17:06.0714 7960 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys 2011/02/24 08:17:07.0713 7960 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 2011/02/24 08:17:07.0837 7960 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\drivers\volmgr.sys 2011/02/24 08:17:08.0103 7960 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/02/24 08:17:08.0243 7960 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\drivers\volsnap.sys 2011/02/24 08:17:08.0415 7960 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys 2011/02/24 08:17:08.0602 7960 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/02/24 08:17:08.0727 7960 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/02/24 08:17:08.0914 7960 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys 2011/02/24 08:17:09.0039 7960 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/24 08:17:09.0132 7960 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/24 08:17:09.0351 7960 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys 2011/02/24 08:17:09.0507 7960 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/02/24 08:17:09.0803 7960 
  12. Hi Borislav, thank you again for your help. I actually ran the TDSSKiller this AM to see if it would work (I have been obsessing about how to deal with this since last night), and it did find the virus. I ran it again just now (log attached). Per your instructions, I am also attaching a new DDS log. I also ran a Sophos scan, and this time it didn't find anything. Google seems to be working normally, but as you said, sometimes these things look gone and they are not, so I appreciate your letting me know either way. Now a big question: since Sophos didn't react in time to prevent this infection, and since malwarebyte didn't detect it, how am I supposed to protect myself from these things in the future? I really don't do anything creative with my computer, everything (Windows, etc.) is constantly updated, and I got this virus from what is supposed to be a trusted real estate website. Is there an antivirus software out there that could have prevented this? TDSSKiller.2.4.18.0_24.02.2011_08.16.06_log.txt DDS.txt
  13. I am not certain I know how to disable script blockers (let me know if you can tell and thank you again). the required zip file is attached and I copied and pasted the other below. DDS (Ver_10-12-12.02) - NTFSx86 Run by Rivka at 17:16:40.12 on Wed 02/23/2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.619 [GMT -7:00] AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C} SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\System32\svchost.exe -k Akamai C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\DDNi\Oasis2Service 1.0\Oasis2Service.exe C:\Windows\System32\svchost.exe -k HPZ12 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc 
C:\Windows\system32\taskeng.exe C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe C:\Program Files\Sony\VAIO Care\VCSpt.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe C:\Program Files\Realtek\Audio\HDA\vncutil.exe C:\Program Files\AlpsPoint\ApMain.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Windows\system32\DllHost.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\igfxtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Upromise\dca-ua.exe C:\Program Files\Upromise\UpromiseTray.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Sony\VAIO Event Service\VESGfxMgr.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\AlpsPoint\ApMsgFwd.exe C:\Program Files\DDNi\Oasis\Delay.exe C:\Windows\system32\IgfxExt.exe C:\Users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Sony\VAIO Care\VCsystray.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\DDNi\Oasis\Delay.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe 
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe C:\Program Files\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe C:\Windows\System32\vds.exe C:\Windows\system32\sppsvc.exe C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Internet Explorer\iexplore.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\Rivka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFMC8V22\dds[1].scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://sony.msn.com uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - 
c:\program files\upromise\dca-bho.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" uRun: [upromise Update] c:\program files\upromise\dca-ua.exe uRun: [upromise Tray] c:\program files\upromise\UpromiseTray.exe uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [vncutil] c:\program files\realtek\audio\hda\vncutil.exe mRun: [ApMain] %ProgramFiles%\AlpsPoint\ApMain.exe mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe" mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common 
files\adobe\arm\1.0\AdobeARM.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [igfxExt] c:\windows\system32\IgfxExt.exe /RegServer mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rivka\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll LSP: c:\programdata\sophos web intelligence\swi_lsp.dll DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL acaptuser32.dll ============= SERVICES / DRIVERS =============== R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2010-4-6 23712] R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-12-23 122360] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-2-25 68144] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-8-6 17408] R3 
igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2011-1-12 648832]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-4-6 9344]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-4-6 14720]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-4-6 316416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-2-8 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-6 29472]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-12-23 22536]

=============== Created Last 30 ================

2011-02-23 15:42:51 -------- d-----w- c:\users\rivka\appdata\roaming\Log
2011-02-23 15:42:51 -------- d-----w- c:\users\rivka\appdata\roaming\Config
2011-02-23 01:50:28 -------- d-----w- c:\users\rivka\appdata\roaming\Malwarebytes
2011-02-23 01:50:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 01:50:02 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-23 01:49:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 01:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 01:31:16 -------- d-----w- c:\users\rivka\appdata\roaming\Sammsoft
2011-02-23 01:30:35 -------- d-----w- c:\program files\ARO 2011
2011-02-22 20:10:43 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-02-22 20:08:28 -------- d-----w- c:\users\rivka\appdata\local\Sophos
2011-02-22 20:07:53 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-22 20:01:16 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b8e57123-ce1d-442e-920e-0a294ae3ed65}\mpengine.dll
2011-02-22 19:44:29 -------- d-----w- C:\A9R8787.tmp
2011-02-22 19:22:13 -------- d-----w- c:\progra~2\fEhPmMp08200
2011-02-17 20:58:27 -------- d-----w- c:\users\rivka\appdata\local\ElevatedDiagnostics
2011-02-15 16:33:49 256 ----a-w- c:\windows\system32\pool.bin
2011-02-15 16:13:58 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2011-02-15 16:12:18 -------- d-----w- c:\program files\Research In Motion
2011-02-03 20:47:18 -------- d-----w- c:\users\rivka\appdata\roaming\Auslogics
2011-02-01 16:57:10 -------- d-----w- c:\users\rivka\appdata\roaming\upromise
2011-02-01 16:57:10 -------- d-----w- c:\program files\Upromise

==================== Find3M ====================

2011-02-13 21:19:38 2516 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-02-01 15:28:28 88 --sh--r- c:\progra~2\46BD3B2112.sys
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-23 16:29:16 72748 ----a-w- c:\windows\unins000.exe
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: TOSHIBA_THNSNB128GMLJ rev.BJSA0202 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys shpf.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85E31735]<<
c:\windows\system32\drivers\shpf.sys Sony Corporation Sony HDD Protection
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85e37990]; MOV EAX, [0x85e37a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C3E448] -> \Device\Harddisk0\DR0[0x85E163A8]
3 CLASSPNP[0x837A859E] -> ntkrnlpa!IofCallDriver[0x82C3E448] -> [0x85E16900]
5 shpf[0x88FE2D03] -> ntkrnlpa!IofCallDriver[0x82C3E448] -> [0x85D3D918]
7 ACPI[0x834253B2] -> ntkrnlpa!IofCallDriver[0x82C3E448] -> \IdeDeviceP0T0L0-0[0x850A4610]
\Driver\atapi[0x85E1A910] -> IRP_MJ_CREATE -> 0x85E31735
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskTOSHIBA_THNSNB128GMLJ___________________BJSA0202#5&2f61bdc3&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 17:19:28.94 ===============

DDS.zip
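The GMER section of the log above makes its call in two steps: it reads the MBR once through the normal I/O path (where the unknown IRP_MJ_CREATE handler at 0x85E31735 in the atapi stack can filter what callers see) and once from the kernel side, and reports "user != kernel MBR" when they differ; it then disassembles the sector it actually got, and what it prints after the standard relocation stub is PUSHA / MOV CX,0x132 / MOV BP,0x62a / ROR BYTE [BP],CL / INC BP, a loop that decrypts the rest of the sector in place instead of walking the partition table. The script below is an added example, not GMER's, ComboFix's or the forum's code, that reproduces both ideas offline over a constructed 512-byte image: a byte compare of two reads, and a classifier that flags the self-decrypting loop. Every opcode byte in it was assembled by hand from the mnemonics GMER printed and from the well-known Windows 7 MBR prologue; the two-byte LOOP that closes the decrypt loop and the sample partition entry are assumptions, and the encoding of XOR AX,AX can differ between assemblers, so the byte match is illustrative rather than a production signature.

```python
"""Static checks on a raw 512-byte MBR image (added example, not GMER's code).

Opcode bytes were assembled by hand from the mnemonics GMER printed and from the
well-known Windows 7 MBR prologue; treat them as assumptions of this example, not
bytes copied from the infected disk.
"""
from __future__ import annotations

import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"
CODE_END = 0x1B8      # bootstrap code lives below the 4-byte disk signature
PART_TABLE = 0x1BE    # four 16-byte partition entries, then 0x55AA

# Standard Windows 7 prologue: copy 0x7c00..0x7dff to 0x600 and far-return to 0x61c.
# Assumed encoding: an assembler may emit 31 C0 instead of 33 C0 for XOR AX,AX,
# which is one reason GMER disassembles rather than byte-matches.
RELOC_STUB = bytes.fromhex(
    "33C0"    # xor ax, ax
    "8ED0"    # mov ss, ax
    "BC007C"  # mov sp, 0x7c00
    "8EC0"    # mov es, ax
    "8ED8"    # mov ds, ax
    "BE007C"  # mov si, 0x7c00
    "BF0006"  # mov di, 0x600
    "B90002"  # mov cx, 0x200
    "FC"      # cld
    "F3A4"    # rep movsb
    "50"      # push ax
    "681C06"  # push 0x61c
    "CB"      # retf
)
assert len(RELOC_STUB) == 0x1C

# Clean Windows 7 continues at 0x61c with: sti; mov cx,4; mov bp,0x7be (walk the partition table).
CLEAN_TAIL = bytes.fromhex("FB" "B90400" "BDBE07")

# What GMER printed on this disk at the same offset: sti; pusha; mov cx,0x132; mov bp,0x62a;
# ror byte [bp+0], cl; inc bp.  The sector rotates its own bytes in place: a self-decrypting loader.
TDL4_TAIL = bytes.fromhex("FB" "60" "B93201" "BD2A06" "D24E00" "45")
# Assumed continuation (not in GMER's listing): a 2-byte LOOP back to the ror, which is
# exactly what places the encrypted body at 0x62a.
TDL4_LOOP = bytes.fromhex("E2FA")


def has_boot_signature(mbr: bytes) -> bool:
    return len(mbr) == SECTOR and mbr[SECTOR - 2:] == BOOT_SIG


def find_ror_decrypt_loop(mbr: bytes) -> int:
    """Offset of a 'ror byte [bp+0], cl ; inc bp' pair in the code area, or -1.
    A clean Windows MBR never rotates its own bytes in place, so this also catches
    variants that keep the loop but change the counter or base address."""
    return mbr.find(bytes.fromhex("D24E0045"), 0, CODE_END)


def compare_reads(user_read: bytes, kernel_read: bytes) -> list[int]:
    """GMER's core check reduced to a byte compare: the sector as returned through the
    normal I/O path (which a hooked atapi stack can filter) versus the detector's own
    kernel-side read.  Any differing offset means the disk stack is lying to callers."""
    return [i for i, (a, b) in enumerate(zip(user_read, kernel_read)) if a != b]


def partition_entries(mbr: bytes) -> list[dict]:
    """Decode the four partition entries; empty slots (type 0) are skipped."""
    out = []
    for n in range(4):
        off = PART_TABLE + 16 * n
        status, _chs0, ptype, _chs1, lba, count = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype:
            out.append({"index": n, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return out


def classify_mbr(mbr: bytes) -> str:
    if not has_boot_signature(mbr):
        return "invalid: missing 0x55AA boot signature"
    if not mbr.startswith(RELOC_STUB):
        return "unknown: non-standard bootstrap prologue, inspect manually"
    tail = mbr[len(RELOC_STUB):]
    if tail.startswith(CLEAN_TAIL):
        return "clean: standard Windows partition-table scan"
    if tail.startswith(TDL4_TAIL):
        return "suspicious: TDL4-style self-decrypting loop after the relocation stub"
    if find_ror_decrypt_loop(mbr) >= 0:
        return "suspicious: in-place ror decryption loop in bootstrap code"
    return "unknown: standard prologue with unrecognised tail"


def build_sample_mbr(tail: bytes, body_len: int = 0x132) -> bytes:
    """Constructed 512-byte image for testing (not a disk dump): prologue + tail, a
    stand-in for the encrypted body, a disk signature and one bootable NTFS partition."""
    code = RELOC_STUB + tail + bytes((i * 37 + 11) & 0xFF for i in range(body_len))
    code = code.ljust(CODE_END, b"\x00")
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    mbr = code + disk_sig + entry + b"\x00" * 48 + BOOT_SIG
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_TAIL)
    infected = build_sample_mbr(TDL4_TAIL + TDL4_LOOP)
    print("clean   :", classify_mbr(clean))
    print("infected:", classify_mbr(infected))
    print("user != kernel at", len(compare_reads(clean, infected)), "offsets")
    print("partitions:", partition_entries(infected))
```

The caveat the log itself demonstrates: a static parser only sees the bytes the disk stack hands it, and on this machine the atapi hook was filtering those reads. Run any such check from a clean boot medium, or, as GMER does, obtain the second copy from a code path the hook does not sit on; agreement between two reads taken through the same hooked path proves nothing.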
  14. Yesterday, I was infected by a troj/TDL3-Mem-B, despite having every update on my computer (Windows 7) and running Sophos. I had someone come in and use Malwarebytes to get rid of it, which it apparently did. Well, today it has reappeared, and I am suspecting that the Google redirect problem is secondary to this. The Sophos scan found the reoccurring infection, but Malwarebytes apparently doesn't, although I have the latest version and I just updated the definitions again. I am really baffled and frustrated, to say the least. I would be so grateful for some help.