
HijackThis Log - Trojan Horse Generic30akck


Tang1


Hello,

The Trojan Horse generic3030akck has been detected on my computer, but I have been unable to remove it so far. Please find attached the DDS and Attach logs. I am new to this forum, and any help will be very much appreciated.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by tony fox at 15:43:04 on 2012-11-27

.

============== Running Processes ================

.

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe

C:\Program Files\Sony\VAIO Launcher\Launcher.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Documents and Settings\tony fox\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tony fox\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tony fox\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tony fox\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tony fox\My Documents\Downloads\HijackThis.exe

C:\Program Files\AVG\AVG8\avgscanx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Documents and Settings\tony fox\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tony fox\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\tony fox\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = iexplore

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart

uRun: [Google Update] "c:\documents and settings\tony fox\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [EPSON Stylus DX9400F Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticfe.exe /fu "c:\windows\temp\E_S16C.tmp" /EF "HKCU"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [Mouse Suite 98 Daemon] ICO.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Alcmtr] ALCMTR.EXE

mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [PDService.exe] c:\program files\utimaco\safeguard privatedisk\pdservice.exe

mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: &Search - <no file>

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\NPJPI150.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207323304746

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207341209125

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F3D34410-6F9A-4FDD-987E-410C6F7AEA27} - hxxps://now.abs-cbn.com/software/ES_EasyInstall.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{12F96322-E6F2-4AA5-B5FB-732433427E69} : DHCPNameServer = 192.168.0.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R? AVG Security Toolbar Service;AVG Security Toolbar Service

R? BBSvc;BingBar Service

R? ew_hwusbdev;Huawei MobileBroadband USB PNP Device

R? ewusbnet;HUAWEI USB-NDIS miniport

R? SkypeUpdate;Skype Updater

S? AdvancedSystemCareService5;Advanced SystemCare Service 5

S? avg8emc;AVG Free8 E-mail Scanner

S? avg8wd;AVG Free8 WatchDog

S? AvgLdx86;AVG Free AVI Loader Driver x86

S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86

S? AvgTdiX;AVG Free8 Network Redirector

S? avgtp;avgtp

S? BBUpdate;BBUpdate

S? DCService.exe;DCService.exe

S? huawei_enumerator;huawei_enumerator

S? MBAMProtector;MBAMProtector

S? MBAMScheduler;MBAMScheduler

S? MBAMService;MBAMService

S? PrivateDisk;PrivateDisk

S? RapportCerberus_43926;RapportCerberus_43926

S? RapportEI;RapportEI

S? RapportIaso;RapportIaso

S? RapportKELL;RapportKELL

S? RapportMgmtService;Rapport Management Service

S? RapportPG;RapportPG

S? TeamViewer6;TeamViewer 6

S? vToolbarUpdater13.2.0;vToolbarUpdater13.2.0

.

=============== Created Last 30 ================

.

2012-11-26 15:14:26 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-11-26 15:14:26 -------- d-----w- c:\windows\system32\wbem\Repository

2012-11-19 13:49:28 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

2012-11-19 13:49:17 -------- d-----w- c:\documents and settings\tony fox\application data\BabylonToolbar

2012-11-19 13:49:15 -------- d-----w- c:\documents and settings\all users\application data\Browser Manager

2012-11-19 13:49:14 -------- d-----w- c:\documents and settings\tony fox\application data\Free Download Manager

2012-11-19 13:48:27 -------- d-----w- c:\program files\Free Download Manager

2012-11-19 13:46:37 -------- d-----w- c:\documents and settings\tony fox\application data\Babylon

2012-10-28 16:46:34 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

==================== Find3M ====================

.

2012-11-08 15:48:30 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 15:46:03.85 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 04/04/2008 17:00:19

System Uptime: 27/11/2012 11:26:09 (4 hours ago)

Processor: Intel® Pentium® M processor 1.60GHz | N/A | 1596/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 47 GiB total, 22.284 GiB free.

D: is FIXED (NTFS) - 47 GiB total, 20.018 GiB free.

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP738: 18/10/2012 17:30:06 - System Checkpoint

RP739: 19/10/2012 17:32:51 - System Checkpoint

RP740: 20/10/2012 18:08:38 - System Checkpoint

RP741: 21/10/2012 18:53:45 - System Checkpoint

RP742: 22/10/2012 18:59:14 - System Checkpoint

RP743: 24/10/2012 14:48:12 - System Checkpoint

RP744: 26/10/2012 00:07:14 - System Checkpoint

RP745: 27/10/2012 00:09:00 - System Checkpoint

RP746: 28/10/2012 00:42:10 - System Checkpoint

RP747: 28/10/2012 23:52:02 - System Checkpoint

RP748: 30/10/2012 16:23:55 - System Checkpoint

RP749: 31/10/2012 21:47:03 - System Checkpoint

RP750: 04/11/2012 11:38:27 - System Checkpoint

RP751: 05/11/2012 19:14:59 - System Checkpoint

RP752: 08/11/2012 18:28:36 - System Checkpoint

RP753: 09/11/2012 18:31:14 - System Checkpoint

RP754: 10/11/2012 18:57:22 - System Checkpoint

RP755: 14/11/2012 15:04:23 - System Checkpoint

RP756: 15/11/2012 01:56:31 - Software Distribution Service 3.0

RP757: 15/11/2012 09:08:37 - Installed Rapport

RP758: 16/11/2012 17:38:35 - System Checkpoint

RP759: 18/11/2012 19:14:55 - System Checkpoint

RP760: 19/11/2012 12:18:13 - Installed Rapport

RP761: 20/11/2012 12:57:33 - System Checkpoint

RP762: 21/11/2012 13:12:11 - System Checkpoint

RP763: 22/11/2012 14:01:34 - System Checkpoint

RP764: 25/11/2012 15:28:36 - System Checkpoint

RP765: 26/11/2012 00:55:45 - September restore point

RP766: 26/11/2012 01:10:20 - Restore Operation

RP767: 26/11/2012 01:17:25 - Restore Operation

RP768: 26/11/2012 01:27:17 - Restore Operation

RP769: 26/11/2012 01:37:13 - Restore Operation

RP770: 26/11/2012 14:35:26 - Restore Operation

RP771: 26/11/2012 15:22:59 - Installed Rapport

RP772: 27/11/2012 02:10:52 - Software Distribution Service 3.0

RP773: 27/11/2012 10:56:07 - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Acrobat Elements 6.0

Adobe Flash Player 10 ActiveX

Adobe Photoshop 7.0

Adobe Photoshop Album 2.0 Starter Edition

Adobe Photoshop Elements 2.0

Adobe Premiere Standard

Adobe Reader 6.0.1

Adobe Reader 7.0

Advanced SystemCare 5

AiO_Scan

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaImpression

AutoUpdate

AVG Free 8.5

AVG Security Toolbar

Belarc Advisor 8.2

Bing Bar

Bonjour

Click to DVD 2.0.01 Menu Data

Click to DVD 2.3.03

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

Digital Video

DivX Codec

DivX Converter

DivX Player

DivX Web Player

DVgate Plus

EdgeStreamClient 2.2.6.0

Enterprise

EPSON Printer Software

EPSON Scan

ffdshow [rev 1692] [2007-12-09]

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

HDAUDIO SoftV92 Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB835221

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP PSC & Officejet 4.2 Corporate Edition

Intel® Graphics Media Accelerator Driver for Mobile

Intel® PRO Network Connections Drivers

Intel® PROSet/Wireless Software

InterVideo WinDVD 5 for VAIO

InterVideo WinDVDX

iTunes

J2SE Runtime Environment 5.0

Kazaa Lite Resurrection 0.0.8

Macromedia Flash Player

Malwarebytes Anti-Malware version 1.65.1.1000

McDonald's Fairies

mCore

mDriver

Memory Stick Formatter

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

mMHouse

MoodLogic

mPfMgr

mProSafe

MSN

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MTN Internet

mWlsSafe

mXML

My Info Centre

Novation Bass-Station VSTi v1.10

NVIDIA Drivers

Olympus Digital Wave Player

OpenMG Limited Patch 4.7-07-14-05-01

OpenMG Secure Module 4.7.00

Orbit Downloader

PDFCreator

PictureGear Studio 2.0

Pinnacle Instant DVD Recorder

QFolder

QuickTime

Rapport

Realtek High Definition Audio Driver

SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version

SAMSUNG CDMA Modem Driver Set

SAMSUNG Mobile Composite Device Software

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio 3

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Setting Utility Series

Skype™ 5.10

Sonic RecordNow!

SonicStage 4.3

SonicStage Mastering Studio 1.4

SonicStage Mastering Studio Audio Filter

SonicStage Mastering Studio Audio Filter Custom Preset

SonicStage Mastering Studio Plugins

Sony USB Mouse

Sony Utilities DLL

Sony Video Shared Library

Studio 11

TeamViewer 6

Ulead DVD MovieFactory 2

Ulead MediaStudio Pro 7.0

Ulead MediaStudio Pro 7.0 Patch3

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VAIO Edit Components

VAIO Entertainment Platform

VAIO Event Service

VAIO Fluid Wallpaper

VAIO Launcher

VAIO Light Flo Wallpaper

VAIO Media 4.0

VAIO Media Integrated Server 4.1

VAIO Media Redistribution 4.0

VAIO Media Registration Tool 4.0

VAIO Online Registration (English)

VAIO Original Screen Saver

VAIO Original Screen Saver VAIO Motion HD Normal Contents

VAIO Original Screen Saver VAIO Motion HD Wide Contents

VAIO Original Screen Saver VAIO Motion SD Normal Contents

VAIO Original Screen Saver VAIO Motion SD Wide Contents

VAIO Original Screen Saver VAIO Scene HD Normal Contents

VAIO Original Screen Saver VAIO Scene HD Wide Contents

VAIO Original Screen Saver VAIO Scene SD Normal Contents

VAIO Original Screen Saver VAIO Scene SD Wide Contents

VAIO Power Management

VAIO Product Survey (English)

VAIO Update 3

VAIO Zone

VOR

VPS

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Xvid 1.1.3 final uninstall

Yahoo! Desktop Login

.

==== Event Viewer Messages From Past Week ========

.

27/11/2012 10:38:39, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.

27/11/2012 10:37:42, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .

27/11/2012 10:37:42, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll. Reference error message: The operation completed successfully. .

27/11/2012 10:37:42, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

27/11/2012 10:20:54, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.

27/11/2012 01:19:29, error: MRxSmb [8003] - The master browser has received a server announcement from the computer OFFICE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{12F96322-E6F2-4AA5. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

I look forward to hearing from you and many thanks in advance.


Hello and welcome,

Can you uninstall the following software, IObit, via Start > Control Panel > Add/Remove Programs...

Next,

Please download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan


Post the log that will be on your desktop..

Thanks,

Kevin


No, nothing to do with Orbit. It shows in Program Files as C:\Program Files\IObit, and it is also showing in msconfig as running as Advanced System Care. It is not a good security program to have installed on your system.

If you do not see it when you navigate start > control panel > Add or Remove Programs, just leave for now and run RogueKiller first...


Thanks Kevin,

I have seen it via Control Panel as Advanced System Care. It has been uninstalled. Please find below the RogueKiller report as requested.

Many thanks,

Tang

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : tony fox [Admin rights]

Mode : Scan -- Date : 11/28/2012 16:50:29

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] DCService.exe -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : EPSON Stylus DX9400F Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\WINDOWS\TEMP\E_S16C.tmp" /EF "HKCU") -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2432774525-1097754318-1563436208-1007[...]\Run : EPSON Stylus DX9400F Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\WINDOWS\TEMP\E_S16C.tmp" /EF "HKCU") -> FOUND

[sTARTUP][NOTFOUND] tue0.40022097878722707.exe.lnk @tony fox : C:\WINDOWS\system32\rundll32.exe|C:\DOCUME~1\TONYFO~1\LOCALS~1\Temp\tue0.40022097878722707.exe,SuppS -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[19] : NtAssignProcessToJobObject @ 0x805CCB02 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F20DA)

SSDT[37] : NtCreateFile @ 0x8056E3EE -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F2CA6)

SSDT[53] : NtCreateThread @ 0x805C73DE -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys @ 0xAA35D670)

SSDT[62] : NtDeleteFile @ 0x8056BF8E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F2EB8)

SSDT[63] : NtDeleteKey @ 0x8061B222 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F6714)

SSDT[65] : NtDeleteValueKey @ 0x8061B3F2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F6756)

SSDT[98] : NtLoadKey @ 0x8061CFAA -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F68FA)

SSDT[116] : NtOpenFile @ 0x8056F50C -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F2DCA)

SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F2282)

SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F2482)

SSDT[137] : NtProtectVirtualMemory @ 0x805ADBC6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F25C2)

SSDT[177] : NtQueryValueKey @ 0x80618FAA -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F685E)

SSDT[192] : NtRenameKey @ 0x8061A7A8 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F67A8)

SSDT[193] : NtReplaceKey @ 0x8061CE5A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F67EA)

SSDT[204] : NtRestoreKey @ 0x8061C766 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F6824)

SSDT[213] : NtSetContextThread @ 0x805C9036 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F2068)

SSDT[224] : NtSetInformationFile @ 0x805703F6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F2F6A)

SSDT[247] : NtSetValueKey @ 0x806192F8 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F669C)

SSDT[254] : NtSuspendThread @ 0x805CAD9A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F1FE6)

SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F1EEE)

SSDT[258] : NtTerminateThread @ 0x805C88E4 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F1F46)

S_SSDT[7] : NtGdiAlphaBlend -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F9128)

S_SSDT[13] : NtGdiBitBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F8F56)

S_SSDT[191] : NtGdiGetPixel -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F8FAC)

S_SSDT[227] : NtGdiMaskBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F904A)

S_SSDT[237] : NtGdiPlgBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F90A0)

S_SSDT[292] : NtGdiStretchBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F8FE8)

S_SSDT[298] : NtGdiTransparentBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F90E4)

S_SSDT[378] : NtUserFindWindowEx -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F33FC)

S_SSDT[477] : NtUserPrintWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F916C)

S_SSDT[483] : NtUserQueryWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xAA1F3366)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2100AT PL +++++

--- User ---

[MBR] 40f5c6e89135e12f2d8f8d9d7bc857a4

[bSP] 9f8b54fa3f46ac14b7d9e455c3912a5e : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 47685 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 97659135 | Size: 47708 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11282012_02d1650.txt >>

RKreport[1]_S_11282012_02d1650.txt

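As an added example, not part of this thread and not RogueKiller's own logic, the following Python triage pass parses registry and startup lines in the report layout posted above and ranks them by defender-relevant indicators. The sample lines are constructed from the posted entries (tags kept as the forum rendered them), and the severity rules (an executable under a Temp directory, rundll32 loading a non-DLL, a Task Manager policy value) are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the RogueKiller "Registry Entries" layout shown in the
# thread; values copied from the posted report, nothing else added.
SAMPLE_REPORT = r"""
[RUN][sUSP PATH] HKCU\[...]\Run : EPSON Stylus DX9400F Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\WINDOWS\TEMP\E_S16C.tmp" /EF "HKCU") -> FOUND
[sTARTUP][NOTFOUND] tue0.40022097878722707.exe.lnk @tony fox : C:\WINDOWS\system32\rundll32.exe|C:\DOCUME~1\TONYFO~1\LOCALS~1\Temp\tue0.40022097878722707.exe,SuppS -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# One or more leading [TAG] groups, then the rest of the line.
LINE = re.compile(r'^((?:\[[^\]]+\])+)\s*(?P<rest>.*)$')
# An .exe located under any directory named Temp (8.3 short names such as
# LOCALS~1\Temp included); a .tmp argument alone does not match.
TEMP_EXE = re.compile(r'\\temp\\[^"\s|,]*\.exe\b', re.IGNORECASE)
# rundll32 with its target (RogueKiller separates them with '|') up to the
# comma that precedes the export name.
RUNDLL32_TARGET = re.compile(r'rundll32\.exe\|([^,]+),', re.IGNORECASE)

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    tags: list            # upper-cased tags, e.g. ["RUN", "SUSP PATH"]
    location: str         # hive/key or shortcut name
    detail: str           # value data, command line, or policy value
    status: str           # FOUND, NOTFOUND, ...
    severity: str = "low"
    reasons: list = field(default_factory=list)

    def add(self, severity, reason):
        self.reasons.append(reason)
        if SEVERITY_RANK[severity] > SEVERITY_RANK[self.severity]:
            self.severity = severity


def parse_line(line):
    """Return a Finding for a '[TAG]... location : detail -> STATUS' line, else None."""
    m = LINE.match(line.strip())
    if not m or " -> " not in m.group("rest"):
        return None
    # The forum mangled tag case ([sUSP PATH]); normalise before comparing.
    tags = [t.upper() for t in re.findall(r'\[([^\]]+)\]', m.group(1))]
    body, status = m.group("rest").rsplit(" -> ", 1)
    location, _, detail = body.partition(" : ")
    return Finding(tags, location.strip(), detail.strip(), status.strip())


def assess(f):
    """Attach assumed triage reasons and a severity to a parsed entry."""
    if TEMP_EXE.search(f.detail):
        f.add("high", "executable launched from a Temp directory")
    m = RUNDLL32_TARGET.search(f.detail)
    if m and not m.group(1).strip().lower().endswith(".dll"):
        f.add("high", "rundll32 used to load a non-DLL file as a library")
    if "DisableTaskMgr" in f.detail:
        f.add("medium", "Task Manager policy value present under HKCU")
    if "NOTFOUND" in f.tags:
        f.add("low", "referenced file no longer exists (stale entry)")
    if "SUSP PATH" in f.tags and not f.reasons:
        f.add("low", "unusual path only; verify the publisher before acting")
    if not f.reasons:
        f.add("low", "no automatic indicator; manual review")
    return f


def triage(report_text):
    """Parse every registry/startup line of a report, in report order."""
    findings = []
    for line in report_text.splitlines():
        f = parse_line(line)
        if f is not None:
            findings.append(assess(f))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.severity:6} {f.location} :: {'; '.join(f.reasons)}")
```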

Thanks for the reply. Rerun RogueKiller; when the scan completes, select the Delete tab, and when that completes post the log..

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

Combofix

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix; instructions available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any rootkit/bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the logs in next reply please...

Kevin


Regarding the autorun enquiry, go here http://support.microsoft.com/kb/967715 and scroll down the page until you find the appropriate Fixit...

Next,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:


ClearJavaCache::
Killall::
Folder::
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Browser Manager
c:\documents and settings\tony fox\Application Data\Free Download Manager
c:\program files\Free Download Manager
c:\documents and settings\tony fox\Application Data\Babylon
RegLockDelete::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44fb0b1d-25c4-4044-8d67-1249b1e7d24b}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 users right click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report here

Copy and paste the logs, do not attach them...

Thanks,

Kevin


Thank you Kevin,

So far I dragged the CFScript.txt file to combofix.exe.

It then gave me the option to run or cancel. I clicked run.

It then asked if I wanted to update combofix. I clicked yes and agreed to terms & conditions.

It then proceeded to open the AutoScan screen with the following information:

[scanning for infected files ...........

This typically doesn't take more than 10 minutes

However, scan times for badly infected machines may easily double

- ]

It has stayed on this screen now for almost 2 hours with nothing happening apart from the dash ( - ) flashing on and off.

So far I haven't gone to Eset webpage or even touched the computer at all (I am replying from a different laptop).

Is there anything I need to do ? If not how much longer should I leave it on this screen ?

I wait to hear from you.

Many thanks,

Tang


If Combofix is still frozen, see if you can stop it using the following instruction: use the Ctrl-Alt-Del keys together to open Task Manager.

Open Task Manager and look for the following ComboFix related processes (some have a .3XE extension):

  • PEV.exe
  • NirCmd.3XE
  • PEV.3XE
  • SED
  • GREP
  • any file that has the extension *.3XE

One at a time, right-click and select End Process. If doing that did not free ComboFix, then you will need to reboot the computer manually.

Let me know if you managed to stop Combofix


Hi Kevin,

I couldn't open taskmanager using ctrl-alt-del, so tried manual reboot as requested. The computer closed down but couldn't restart.

This is what happens:

When I press the power on button I see the power lights come on, I hear the fan turning, a brief light shows on the screen, I hear 2 or 3 quick beeps but then the computer switches back off. At the moment I can't start the computer. Please let us know how to proceed.

I wait to hear from you.

Thanks,

Tang


I have just tried listening to the beeps again but for some reason I can't hear any this time. When I heard it before it was hard to clearly distinguish the beeps because they were quite close together. I will try it again later and if I hear any beeps I will update you. The laptop is a Sony Vaio VGN-FS115B, Model PCG-791M. I am not sure if it can boot into safe mode because it doesn't come on at all to allow me to press the F8 or similar keys. I don't know if there is any other way to boot into safe mode.

I await your instructions.

Thanks

Tang

When Combofix was first run it installed the Recovery Console; normally when that is done you will see that as an option as you boot. It is necessary to use the up/down arrows to select the Recovery Console. Is that an option?

I don't think so because I can't boot it at all. The laptop doesn't turn on and there is nothing on the screen, so there are no boot options.


Remove the battery, connect power adaptor cable, does it power on now?

There is power getting to the laptop as the power lights come on when I press the power on button, but before anything comes on the screen the laptop turns itself off. This happens irrespective of whether it's done with the battery or the power adaptor cable connected.


That actually sounds more like a hardware issue. How many sticks of RAM? Can you remove, clean and reseat them? If more than one stick, remove one at a time and reboot. Does it boot with one removed?

Check the hard drive and make sure it is OK: go here http://www.seagate.com/support/internal-hard-drives/consumer-electronics/ld25-series/seatools-dos-master/ and follow the instructions to create and use the bootable CD to test the HD. If the laptop will not boot from the Seagate CD you will have to alter the boot option in the BIOS.


Ok the laptop is now back on.

Before the freeze I dragged CFScript into ComboFix.exe

but combofix froze so a log wasn't produced. I am not sure if a log was generated internally within combofix but just wasn't displayed. So far I haven't run an online scanner from ESET web page yet. Please could you let me know how to proceed from here.

Many thanks.

Tang


Do not worry about the Combofix log; I'd rather you ran ESET and see what that produces.... Also let me know what you did to get the laptop to boot.

I am waiting for the ESET scan to complete.

This is what I did to get the laptop to boot:

- I took out the memory chips one at a time - not resolved

- swapped over the two chips - not resolved

- took out both chips and replaced one of the slots with a new one - laptop started (important - I noticed that after pressing down the power on button I released it very quickly)

- So I put back the 2 old chips in their slots but this time I gave the power on button a quick push and released it immediately - boot successful.

Hope this makes sense. I presume it had something to do with the contact at the power on button.

I will forward the ESET scan results shortly.

Many thanks once again.

Tang


Further to my previous reply, please find below the ESET SCAN results as requested. Doesn't look too good!

C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\mngr.js Win32/bProtector.C application

C:\Documents and Settings\tony fox\My Documents\Downloads\cnet2_wctrial_zip.exe a variant of Win32/InstallCore.D application

C:\Documents and Settings\tony fox\My Documents\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application

C:\Downloads\asc5-setup(1).exe a variant of Win32/ELEX application

C:\Downloads\asc5-setup.exe a variant of Win32/ELEX application

C:\Downloads\OrbitSetup4.1.02(1).exe Win32/OpenCandy application

C:\Downloads\OrbitSetup4.1.02.exe Win32/OpenCandy application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP762\A0529337.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP762\A0529339.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP763\A0532210.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP764\A0532985.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP766\A0533000.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP767\A0533115.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP768\A0533228.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP769\A0533329.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP770\A0533563.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP770\A0534284.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP770\A0535659.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP770\A0535662.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP770\A0536298.dll Win32/bProtector.D application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP770\A0536319.exe probably a variant of Win32/Toolbar.Babylon application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP770\A0536328.dll a variant of Win32/Toolbar.Babylon application

C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}\RP770\A0537215.dll a variant of Win32/bProtector.A application

I wait to hear from you.

Thanks,

Tang


Good news with the laptop on the boot issue; possibly resetting the RAM sticks has made the difference. Not sure why the power button should make a difference. At least you got it working.. OK, continue as follows;

That is not as bad as it looks, ok do the following:

Please download OTM by OldTimer.

Alternative Mirror 1

Alternative Mirror 2

Save it to your desktop.

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run; also the Desktop will disappear, and this will be put back on completion....

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\tony fox\My Documents\Downloads\cnet2_wctrial_zip.exe
    C:\Documents and Settings\tony fox\My Documents\Downloads\iLividSetupV1.exe
    C:\Downloads\asc5-setup(1).exe
    C:\Downloads\asc5-setup.exe
    C:\Downloads\OrbitSetup4.1.02(1).exe
    C:\Downloads\OrbitSetup4.1.02.exe
    c:\documents and settings\All Users\Application Data\Tarma Installer
    c:\documents and settings\All Users\Application Data\Browser Manager
    c:\documents and settings\tony fox\Application Data\Free Download Manager
    c:\program files\Free Download Manager
    c:\documents and settings\tony fox\Application Data\Babylon
    :Commands
    [ClearAllRestorePoints]
    [EmptyTemp]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Run DDS and post a fresh set of logs; I will give the instructions again...

Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

Double click DDS to run the scan; Vista or Windows 7 users accept the UAC alert.

There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt

Copy and paste those two logs to your reply when the scan is complete....

Let me see the logs from OTM and DDS, Also let me know how your system is responding and what issues remain...

Thanks,

Kevin

This topic is now closed to further replies.