
desktoplayer.exe infection on Windows 7 64-bit


ElsD


Hi,

While I was browsing earlier I got a notice from Windows Firewall about a program requesting access. Being suspicious, I shut off my internet and ran MBAM; it found 10 items. I rebooted, and it then found 3 still remaining; this continued after the reboot after that, so the deletion of desktoplayer.exe was not making any difference!

I attach the first MBAM log (the 3 items that were found in the others are the two Userinit registry changes and, of course, desktoplayer.exe) and the DDS scan results. GMER does not seem to run on Windows 7 64-bit, so no luck there, I'm afraid.

I blocked out my name on these logs.

MBAM log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4706

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

28/09/2010 00:44:57

mbam-log-2010-09-28 (00-44-57).txt

Scan type: Quick scan

Objects scanned: 142906

Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

C:\Users\******\AppData\Roaming\Evse\wiydk.exe (Spyware.Zbot) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1a5dd19f-7ba9-82f7-2941-e458ceff9514} (Spyware.Zbot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonep (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files (x86)\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (userinit.exe,c:\program files (x86)\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\*****\AppData\Roaming\Evse\wiydk.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\Users\*****\AppData\Local\Temp\tmp77051bb6\KillEXE.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\*****\AppData\Local\Temp\0.06944540075251504.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot.

C:\Users\Elliott (Trojan.Agent) -> Quarantined and deleted successfully.

DDS Log

DDS (Ver_10-03-17.01) - NTFSX64

Run by ***** at 1:31:30.70 on 28/09/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.5998.4349 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe

C:\Program Files\Sony\VAIO Care\VAIOCareService.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Creative\USB Speaker\Volume Panel\VolPanlu.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Sony\VAIO Care\collsvc.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\******\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01

mLocal Page = c:\windows\syswow64\blank.htm

mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files (x86)\microsoft\desktoplayer.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office14\GROOVEEX.DLL

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized

mRun: [iAStorIcon] c:\program files (x86)\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iSBMgr.exe] "c:\program files (x86)\sony\isb utility\ISBMgr.exe"

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [PMBVolumeWatcher] c:\program files (x86)\sony\pmb\PMBVolumeWatcher.exe

mRun: [MarketingTools] c:\program files (x86)\sony\marketing tools\MarketingTools.exe

mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"

mRun: [bCSSync] "c:\program files (x86)\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [VolPanel] "c:\program files (x86)\creative\usb speaker\volume panel\VolPanlu.exe" /r

mRun: [updReg] c:\windows\UpdReg.EXE

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\micros~1\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files (x86)\evernote\evernote3.5\enbar.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

Notify: VESWinlogon - VESWinlogon.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office14\GROOVEEX.DLL

BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll

BHO-X64: Windows Live Family Safety Browser Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\partner\Partner64.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg64.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s

mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe

mRun-x64: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\elliot~1\appdata\roaming\mozilla\firefox\profiles\ep11a3fd.default\

FF - prefs.js: browser.startup.homepage - www.google.co.uk

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\progra~2\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~2\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-9-13 55280]

R1 RapportKE64;RapportKE64;c:\program files (x86)\trusteer\rapport\bin\RapportKE64.sys [2010-8-31 62960]

R1 RapportPG64;RapportPG64;c:\program files (x86)\trusteer\rapport\bin\RapportPG64.sys [2010-8-31 56816]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-19 202752]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-5-19 13336]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-31 767208]

R2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-5-19 93696]

R2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-5-19 75776]

R2 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-9-13 167424]

R2 uCamMonitor;CamMonitor;c:\program files (x86)\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2010-9-13 104960]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.exe [2010-9-23 2320920]

R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-9-14 642416]

R2 VSNService;VSNService;c:\program files\sony\vaio smart network\VSNService.exe [2010-9-13 821760]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-9-13 19968]

R3 clfiltv;clfiltv;c:\windows\system32\drivers\clfiltv.sys [2010-9-27 24064]

R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-5-19 56344]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-19 151936]

R3 RapportLaunService;Rapport Launching Service;c:\program files (x86)\trusteer\rapport\bin\RapportLaunService64.exe [2010-8-31 525808]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-5-19 11392]

R3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-9-13 571248]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2010-5-19 395264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-9-23 135664]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\sitead~1\mcsacore.exe --> c:\progra~2\mcafee\sitead~1\mcsacore.exe [?]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\roxio\digital home 10\RoxioUpnpService10.exe [2009-8-31 362992]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-5-19 52264]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-19 35104]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-9-27 153088]

S3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTHOALLicensing.exe [2010-9-27 153088]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-13 61280]

S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-5-19 244736]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2010-9-13 332272]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]

S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2010-9-27 28160]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\common files\sony shared\sohlib\SOHCImp.exe [2010-9-13 120104]

S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\common files\sony shared\sohlib\SOHDBSvr.exe [2010-9-13 70952]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\common files\sony shared\sohlib\SOHDms.exe [2010-9-13 427304]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\common files\sony shared\sohlib\SOHDs.exe [2010-9-13 75048]

S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\common files\sony shared\sohlib\SOHPlMgr.exe [2010-9-13 91432]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-9-13 480624]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-9-13 361840]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper64.exe [2010-9-13 110960]

S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-9-13 1165680]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1255736]

=============== Created Last 30 ================

2010-09-27 23:38:29 0 d-----w- c:\users\elliot~1\appdata\roaming\Malwarebytes

2010-09-27 23:38:22 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-27 23:38:22 0 d-----w- c:\programdata\Malwarebytes

2010-09-27 23:38:22 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-09-27 23:34:09 0 d-----w- c:\program files (x86)\tmp

2010-09-27 21:54:11 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL

2010-09-27 21:54:11 73728 ----a-w- c:\windows\syswow64\CmdRtr.DLL

2010-09-27 21:54:11 190464 ----a-w- c:\windows\system32\APOMgr64.DLL

2010-09-27 21:54:11 147968 ----a-w- c:\windows\syswow64\APOMngr.DLL

2010-09-27 21:10:30 7062 ----a-w- c:\windows\syswow64\audiopid.vxd

2010-09-27 21:10:08 53248 ------w- c:\windows\Ctregrun.exe

2010-09-27 21:08:18 0 d-----w- c:\programdata\Creative

2010-09-27 21:08:16 90112 ------w- c:\windows\Updreg.EXE

2010-09-27 21:07:56 0 d-----w- c:\program files (x86)\common files\Creative

2010-09-27 21:07:55 0 d--h--w- c:\program files (x86)\Creative Installation Information

2010-09-27 21:07:52 25050 ----a-r- c:\windows\system32\xfisk.ini

2010-09-27 21:07:51 28160 ----a-w- c:\windows\system32\drivers\skfiltv.sys

2010-09-27 21:07:51 1209 ----a-w- c:\windows\xfiskcfg.ini

2010-09-27 21:07:47 497664 ----a-w- c:\windows\syswow64\CTAPO32.dll

2010-09-27 21:07:47 0 d-----w- c:\program files\Creative

2010-09-27 21:07:46 373 ---ha-r- c:\windows\ctfile.rfc

2010-09-27 21:07:31 782336 ----a-r- c:\windows\syswow64\tmpD125.tmp

2010-09-27 21:07:29 2873821 ------w- c:\windows\syswow64\Sens_oal.dll

2010-09-27 21:07:29 1908736 ------w- c:\windows\system32\Sens_oal.dll

2010-09-27 21:07:23 0 d-----w- c:\programdata\Creative Labs

2010-09-27 21:06:36 0 d-----w- c:\program files (x86)\common files\Creative Labs Shared

2010-09-27 21:06:16 0 d-----w- c:\program files (x86)\Creative

2010-09-26 22:20:46 0 d-----w- c:\users\elliot~1\appdata\roaming\Bexi

2010-09-26 13:16:03 75 ----a-w- c:\windows\syswow64\AniGIF2.lic

2010-09-26 13:16:03 282624 ----a-w- c:\windows\syswow64\AniGIF.ocx

2010-09-26 13:13:35 0 d-----w- c:\program files (x86)\Flight One Software

2010-09-25 07:33:42 2058752 ----a-w- c:\windows\syswow64\iertutil.dll

2010-09-25 07:30:18 0 d-----w- c:\program files (x86)\Bevelstone Production

2010-09-25 07:29:19 0 d-----w- c:\windows\syswow64\URTTEMP

2010-09-25 07:09:08 0 d-----w- c:\windows\syswow64\Wat

2010-09-25 07:09:08 0 d-----w- c:\windows\system32\Wat

2010-09-25 00:41:10 0 d-----w- c:\program files (x86)\MSXML 4.0

2010-09-25 00:40:31 294912 ----a-w- c:\windows\system32\browserchoice.exe

2010-09-25 00:33:19 56832 ------w- c:\windows\syswow64\mwace.dll

2010-09-25 00:33:19 28672 ------w- c:\windows\syswow64\mwgfxcopy.exe

2010-09-25 00:33:19 237056 ------w- c:\windows\syswow64\mwgfx24.dll

2010-09-25 00:33:19 191488 ------w- c:\windows\syswow64\mwgfx.dll

2010-09-25 00:33:19 104960 ------w- c:\windows\syswow64\mwdds.dll

2010-09-25 00:33:19 0 d-----w- C:\Graphics

2010-09-25 00:27:43 803366 ----a-w- c:\windows\syswow64\PerfStringBackup.INI

2010-09-25 00:25:06 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll

2010-09-25 00:25:06 49472 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-09-25 00:25:06 48960 ----a-w- c:\windows\system32\netfxperf.dll

2010-09-25 00:25:06 444752 ----a-w- c:\windows\system32\mscoree.dll

2010-09-25 00:25:06 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2010-09-25 00:25:06 297808 ----a-w- c:\windows\syswow64\mscoree.dll

2010-09-25 00:25:06 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe

2010-09-25 00:25:06 1942856 ----a-w- c:\windows\system32\dfshim.dll

2010-09-25 00:25:06 1130824 ----a-w- c:\windows\syswow64\dfshim.dll

2010-09-25 00:25:06 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-09-24 23:26:46 143360 ----a-w- c:\windows\syswow64\unzip32.dll

2010-09-24 23:26:46 0 d-----w- c:\program files (x86)\MRAI Install Wizard v1.23

2010-09-24 22:19:38 0 d-----w- c:\program files (x86)\Abacus

2010-09-24 21:38:57 0 d-----w- c:\windows\Downloaded Installations

2010-09-24 19:15:44 0 d-----w- c:\programdata\Roxio

2010-09-24 09:45:36 12867584 ----a-w- c:\windows\syswow64\shell32.dll

2010-09-24 09:45:03 84992 ----a-w- c:\windows\system32\asycfilt.dll

2010-09-24 09:45:03 67584 ----a-w- c:\windows\syswow64\asycfilt.dll

2010-09-24 09:44:33 463360 ----a-w- c:\windows\system32\drivers\srv.sys

2010-09-24 09:44:33 404992 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-09-24 09:44:33 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-09-24 09:44:02 1736608 ----a-w- c:\windows\system32\ntdll.dll

2010-09-24 09:44:02 1289528 ----a-w- c:\windows\syswow64\ntdll.dll

2010-09-24 09:43:31 340992 ----a-w- c:\windows\system32\schannel.dll

2010-09-24 09:43:31 224256 ----a-w- c:\windows\syswow64\schannel.dll

2010-09-24 09:41:50 976896 ----a-w- c:\windows\system32\inetcomm.dll

2010-09-24 09:41:50 740864 ----a-w- c:\windows\syswow64\inetcomm.dll

2010-09-24 09:41:19 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-09-24 09:40:18 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-09-24 09:40:18 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe

2010-09-24 09:40:17 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe

2010-09-24 09:38:39 52224 ----a-w- c:\windows\system32\rtutils.dll

2010-09-24 09:38:39 37376 ----a-w- c:\windows\syswow64\rtutils.dll

2010-09-24 09:37:34 558592 ----a-w- c:\windows\system32\spoolsv.exe

2010-09-24 09:37:03 82944 ----a-w- c:\windows\syswow64\iccvid.dll

2010-09-24 09:36:33 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-09-24 09:35:57 144384 ----a-w- c:\windows\system32\cdd.dll

2010-09-24 09:35:26 961024 ----a-w- c:\windows\system32\CPFilters.dll

2010-09-24 09:35:26 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-09-24 09:35:26 552960 ----a-w- c:\windows\system32\msdri.dll

2010-09-24 09:35:26 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-09-24 09:35:26 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2010-09-24 09:35:26 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-09-24 09:35:26 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax

2010-09-24 09:34:23 3122688 ----a-w- c:\windows\system32\win32k.sys

2010-09-24 09:33:52 1877504 ----a-w- c:\windows\system32\msxml3.dll

2010-09-24 09:33:52 1233920 ----a-w- c:\windows\syswow64\msxml3.dll

2010-09-24 09:33:22 1446912 ----a-w- c:\windows\system32\lsasrv.dll

2010-09-24 09:33:21 96768 ----a-w- c:\windows\syswow64\sspicli.dll

2010-09-24 09:33:21 22016 ----a-w- c:\windows\syswow64\secur32.dll

2010-09-24 09:33:21 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-09-24 09:32:47 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-09-24 09:32:46 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-09-24 09:32:46 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-09-24 09:32:46 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-09-24 09:32:23 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-09-24 09:32:23 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-24 08:57:27 0 d-----w- c:\users\elliot~1\appdata\roaming\Evse

2010-09-23 19:04:50 0 d-----w- c:\users\elliot~1\appdata\roaming\Trusteer

2010-09-23 19:04:48 0 d-----w- c:\program files (x86)\Trusteer

2010-09-23 19:03:32 0 d-----w- c:\programdata\Trusteer

2010-09-23 17:36:40 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2010-09-23 17:36:26 0 d-----w- c:\program files\Microsoft Office

2010-09-23 17:36:18 0 d-----w- c:\program files (x86)\Microsoft Analysis Services

2010-09-23 17:36:05 0 d-----w- c:\programdata\Microsoft Help

2010-09-23 15:36:34 0 d-----w- c:\program files (x86)\Microsoft Games

2010-09-23 14:47:27 0 d-----w- c:\programdata\ArcSoft

2010-09-23 14:47:08 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-09-23 14:45:30 0 d-----r- c:\program files (x86)\Skype

2010-09-23 14:45:29 0 d-----w- c:\programdata\Skype

2010-09-23 14:12:32 0 d-----w- c:\users\elliot~1\appdata\roaming\Spotify

2010-09-23 14:12:30 0 d-----w- c:\program files (x86)\Spotify

2010-09-23 13:51:38 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-09-23 13:47:11 0 d-----w- c:\users\*****n\Tracing

2010-09-23 13:16:40 0 d-----w- c:\users\elliot~1\appdata\roaming\Intel Corporation

2010-09-23 13:14:36 220672 ----a-w- c:\windows\system32\wintrust.dll

2010-09-23 13:14:36 172032 ----a-w- c:\windows\syswow64\wintrust.dll

2010-09-23 13:14:13 0 ---ha-r- c:\windows\system32\drivers\104D_Sony_VPCEC2C5E.mrk

2010-09-23 13:13:38 0 d--h--w- c:\windows\msdownld.tmp

2010-09-13 10:21:28 0 d-----w- C:\Documentation

2010-09-13 10:21:28 0 d-----w- C:\_FS_SWRINFO

2010-09-13 10:21:11 61280 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2010-09-13 10:21:11 0 d-----w- c:\program files\Windows Live

2010-09-13 10:20:24 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-09-13 10:20:24 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll

2010-09-13 10:18:08 0 d-----w- c:\program files (x86)\Microsoft

2010-09-13 10:17:45 0 d-----w- c:\program files (x86)\Windows Live SkyDrive

2010-09-13 10:17:02 0 d-----w- c:\windows\PCHEALTH

2010-09-13 10:14:44 0 d-----w- c:\program files (x86)\common files\Windows Live

2010-09-13 10:14:04 0 d-----w- c:\program files (x86)\Sony Corporation

2010-09-13 10:13:49 131072 ----a-w- c:\windows\ocsetup_install_OEMHelpCustomization.etl

2010-09-13 10:12:11 3727720 ----a-w- c:\windows\syswow64\d3dx9_35.dll

2010-09-13 10:11:39 0 d-----w- c:\temp\VAIO Links

2010-09-13 10:11:39 0 d-----w- C:\Temp

2010-09-13 10:11:22 98304 ----a-w- c:\windows\syswow64\VESWinlogon.dll

2010-09-13 10:04:36 0 d-----w- c:\program files\Sony

2010-09-13 10:04:32 455680 ----a-w- c:\windows\system32\deploytk.dll

2010-09-13 10:04:29 0 d-----w- c:\program files\Java

2010-09-13 10:03:53 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2010-09-13 10:03:53 149280 ----a-w- c:\windows\syswow64\javaws.exe

2010-09-13 10:03:53 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-09-13 10:03:53 145184 ----a-w- c:\windows\syswow64\java.exe

2010-09-13 10:02:50 0 d-----w- c:\program files (x86)\VAIO screensavers

2010-09-13 10:02:46 0 d-----w- c:\programdata\Uninstall

2010-09-13 10:02:41 0 d-----w- c:\programdata\Sonic

2010-09-13 10:02:35 0 d-----w- c:\program files (x86)\Roxio

2010-09-13 10:02:19 0 d-----w- c:\program files (x86)\common files\Sonic Shared

2010-09-13 10:02:07 72176 ------w- c:\windows\syswow64\pxhpinst.exe

2010-09-13 10:02:07 563696 ------w- c:\windows\syswow64\pxdrv.dll

2010-09-13 10:02:07 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys

2010-09-13 10:02:07 133616 ------w- c:\windows\syswow64\pxafs.dll

2010-09-13 10:02:07 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys

2010-09-13 10:02:07 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2010-09-13 10:02:07 0 d-----w- c:\program files (x86)\common files\PX Storage Engine

2010-09-13 09:58:00 228 ----a-w- c:\windows\syswow64\MsiExec.config

2010-09-13 09:57:58 0 d-----w- c:\programdata\MusicStation

2010-09-13 09:57:58 0 d-----w- c:\program files (x86)\MusicStation

2010-09-13 09:57:40 0 d-----w- c:\program files\Microsoft Synchronization Services

2010-09-13 09:57:39 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-09-13 09:57:38 0 d-----w- c:\program files (x86)\Microsoft Synchronization Services

2010-09-13 09:57:38 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2010-09-13 09:55:35 520544 ----a-w- c:\windows\system32\d3dx10_41.dll

2010-09-13 09:55:35 453456 ----a-w- c:\windows\syswow64\d3dx10_41.dll

2010-09-13 09:55:35 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll

2010-09-13 09:55:35 1846632 ----a-w- c:\windows\syswow64\D3DCompiler_41.dll

2010-09-13 09:55:34 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll

2010-09-13 09:55:34 4178264 ----a-w- c:\windows\syswow64\D3DX9_41.dll

2010-09-13 09:54:50 0 d-----w- c:\programdata\SiteAdvisor

2010-09-13 09:46:03 0 d-----w- c:\program files (x86)\McAfee

2010-09-13 09:46:02 0 d-----w- c:\programdata\McAfee

2010-09-13 09:45:27 2119 ----a-w- c:\windows\syswow64\McOEMAppRules.dat

2010-09-13 09:45:17 499712 ----a-r- c:\windows\syswow64\msvcp71.dll

2010-09-13 09:45:17 348160 ----a-w- c:\windows\syswow64\msvcr71.dll

2010-09-13 09:45:17 245408 ----a-w- c:\windows\syswow64\unicows.dll

2010-09-13 09:45:17 212480 ----a-w- c:\windows\syswow64\PCDLIB32.DLL

2010-09-13 09:45:16 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll

2010-09-13 09:45:16 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys

2010-09-13 09:45:09 0 d-----w- c:\program files\Google

2010-09-13 09:44:49 0 d-----w- c:\programdata\Google

2010-09-13 09:44:43 0 d-----w- c:\programdata\Partner

2010-09-13 09:44:41 0 d-----w- c:\windows\syswow64\Macromed

2010-09-13 09:44:38 0 d-----w- c:\program files (x86)\Evernote

2010-09-13 09:44:03 0 d-----w- c:\programdata\Evernote

2010-09-13 09:43:55 0 d--h--w- C:\SPLASH.000

2010-09-13 09:43:46 0 d--h--w- C:\SPLASH.SYS

2010-09-13 09:43:08 0 d-----w- c:\program files (x86)\Downloaded Installations

2010-09-13 09:42:40 0 d-----w- c:\programdata\ATI

2010-09-13 09:42:15 0 d-----w- c:\program files (x86)\ATI Technologies

2010-09-13 09:41:42 0 d-----w- c:\programdata\Adobe

2010-09-13 09:41:04 0 d-----w- c:\windows\Sonysys

2010-09-13 09:40:57 0 d-----w- c:\program files (x86)\SONY

2010-09-13 09:40:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01007.Wdf

2010-09-13 09:40:01 0 d-----w- c:\program files\Apoint

2010-09-13 09:39:40 0 d-----w- c:\program files\Realtek

2010-09-13 09:39:32 0 d--h--w- c:\program files (x86)\Temp

2010-09-13 09:39:32 0 d-----w- c:\program files (x86)\Realtek

==================== Find3M ====================

2010-09-27 21:55:36 419840 ----a-w- c:\windows\system32\wrap_oal.dll

2010-09-27 21:55:36 413696 ----a-w- c:\windows\syswow64\wrap_oal.dll

2010-09-27 21:55:36 133632 ----a-w- c:\windows\system32\OpenAL32.dll

2010-09-27 21:55:36 110592 ----a-w- c:\windows\syswow64\OpenAL32.dll

2010-09-13 18:33:43 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2010-09-13 18:33:43 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2010-09-13 18:33:43 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2010-09-13 18:33:43 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll

2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll

2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll

2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll

2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll

2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll

2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 1:32:12.20 ===============

Many Thanks!

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


Since I only got the laptop a few days ago, I'm currently putting it through the recovery process to restore it to the original factory settings. I use the computer for online banking and don't want to be constantly wondering whether I'm secure. Thanks for your help!

Just wondering, does the commercial version of MBAM provide the sort of real-time protection that would protect me from things like this in future?


  • Staff
Just wondering, does the commercial version of MBAM provide the sort of real-time protection that would protect me from things like this in future?
Yes, it does. With it you are far less likely to get infected in the future with its different types of protection. The purchase of the Pro version of MBAM is a lifetime license, so you will be protected for a long, long time. :)

Of course, having an antivirus installed for MBAM to complement is highly recommended as well, since MBAM is not a replacement for an antivirus.

Let me know if you have any additional questions.


  • 4 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
