
Random Redirect in IE FF Chrome, can't download hijackthis


stayley


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-03 09:50:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2100BH_PL rev.00000029
Running: 8efp5l4w.exe; Driver: C:\DOCUME~1\stephen\LOCALS~1\Temp\pxtdypoc.sys

---- System - GMER 1.0.15 ----

SSDT  F7C4F2E6  ZwCreateKey
SSDT  \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  ZwCreateSection [0xF7B56700]
SSDT  F7C4F2DC  ZwCreateThread
SSDT  F7C4F2EB  ZwDeleteKey
SSDT  F7C4F2F5  ZwDeleteValueKey
SSDT  F7C4F2FA  ZwLoadKey
SSDT  F7C4F2C8  ZwOpenProcess
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwOpenSection [0xA7E9E7E0]
SSDT  F7C4F2CD  ZwOpenThread
SSDT  F7C4F304  ZwReplaceKey
SSDT  F7C4F2FF  ZwRestoreKey
SSDT  F7C4F2F0  ZwSetValueKey
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwSystemDebugControl [0xA7E9E70E]

---- Kernel code sections - GMER 1.0.15 ----

?  system32\drivers\dwprot.sys  The system cannot find the path specified. !
?  C:\DOCUME~1\stephen\LOCALS~1\Temp\45cXDpBS.sys  The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 1 Byte  [28]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, 03, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, 01, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B90ED1A
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, 02, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, 01, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, 02, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B90ED8B
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B90EEB9
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, 01, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, 02, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 1 Byte  [68]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, 03, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]

.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 1 Byte  [28]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, 03, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, 01, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B90ED1A
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, 02, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, 01, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, 02, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B90ED8B
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B90EEB9
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, 01, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, 02, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 1 Byte  [68]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, 03, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]

.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 1 Byte  [28]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, 03, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, 01, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B90ED1A
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, 02, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, 01, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, 02, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B90ED8B
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B90EEB9
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, 01, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, 02, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 1 Byte  [68]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, 03, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Ntfs \Ntfs  86B6B400
Device  \FileSystem\Ntfs \Ntfs  86AF97B0
Device  \FileSystem\Ntfs \Ntfs  86E50410
Device  \FileSystem\Ntfs \Ntfs  86C2A548
Device  \FileSystem\Ntfs \Ntfs  860A59E8
Device  \FileSystem\Ntfs \Ntfs  86158AD0

AttachedDevice  \FileSystem\Ntfs \Ntfs  dwprot.sys
AttachedDevice  \Driver\Tcpip \Device\Ip  dwprot.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  dwprot.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  dwprot.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  dwprot.sys

---- EOF - GMER 1.0.15 ----

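Added here as a worked example, not code from the thread, from GMER, or from any tool the helpers mention: a small Python triage script for a GMER log like the one above. SAMPLE_LOG is a constructed excerpt of that log, joined back to one entry per line the way GMER prints it. The script sorts the records the way a responder reads them: SSDT entries grouped by the module that owns the hook address, cross-referenced with the kernel-code section (a module GMER could not find on disk) and the attached-device list; and user-mode inline hooks grouped by image and compared across process instances, on the heuristic that a hook set identical in every instance of one application is usually that application's own instrumentation, while one that differs between instances is not. The severity labels and that heuristic are the example's own assumptions, not anything GMER reports.

```python
"""Triage a GMER rootkit-scan log: group hooks by owner and flag what needs a look.

Added example, not GMER's code. SAMPLE_LOG is a constructed excerpt of the scan
posted in this thread, joined back to one entry per line as GMER prints it.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT  F7C4F2E6  ZwCreateKey
SSDT  \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  ZwCreateSection [0xF7B56700]
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwOpenSection [0xA7E9E7E0]
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwSystemDebugControl [0xA7E9E70E]

---- Kernel code sections - GMER 1.0.15 ----

?  system32\drivers\dwprot.sys  The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B90ED1A
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 00, 17, 00]
.text  C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B90ED1A

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  dwprot.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  dwprot.sys

---- EOF - GMER 1.0.15 ----
"""

# One regex per GMER record type; field names follow GMER's own columns.
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-F]+)\])?$", re.I)
INLINE_RE = re.compile(r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<func>\w+)\s*\+\s*"
                       r"(?P<offset>[0-9A-F]+)\s+(?P<addr>[0-9A-F]+)\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$", re.I)
KERNEL_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.+?)\s*!$")
DEVICE_RE = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)$")
RECORDS = [("ssdt", SSDT_RE), ("inline", INLINE_RE), ("kernel_unresolved", KERNEL_RE), ("attached", DEVICE_RE)]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return the records of each type found in a GMER log, as dicts of named fields."""
    report = {kind: [] for kind, _ in RECORDS}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):   # blank lines and section banners
            continue
        for kind, rx in RECORDS:
            m = rx.match(line)
            if m:
                rec = m.groupdict()
                if kind == "inline":
                    rec["pid"], rec["size"] = int(rec["pid"]), int(rec["size"])
                report[kind].append(rec)
                break
    return report


def triage(report):
    """Turn parsed records into findings; the grouping and severity rules are this example's."""
    findings = []
    missing = {basename(k["path"]) for k in report["kernel_unresolved"]}
    # SSDT hooks grouped by owning module. A bare hex owner means GMER could not map the
    # hook address to any module; a module GMER also cannot find on disk is the top finding.
    by_owner = defaultdict(list)
    for h in report["ssdt"]:
        owner = "<unmapped address>" if re.fullmatch(r"[0-9A-F]{8}", h["owner"], re.I) else basename(h["owner"])
        by_owner[owner].append(h["func"])
    for owner, funcs in by_owner.items():
        attached = sorted({a["device"] for a in report["attached"] if a["module"].lower() == owner})
        findings.append({"kind": "ssdt", "module": owner, "functions": funcs, "attached_to": attached,
                         "file_missing": owner in missing,
                         "severity": "high" if owner in missing else "review"})
    # Inline hooks grouped by image, then the hook set of each process instance is compared.
    per_image = defaultdict(dict)
    for h in report["inline"]:
        key = (h["module"].lower(), h["func"], h["offset"].upper(), h["patch"])
        per_image[basename(h["image"])].setdefault(h["pid"], set()).add(key)
    for image, by_pid in per_image.items():
        sets = list(by_pid.values())
        uniform = all(s == sets[0] for s in sets)
        findings.append({"kind": "inline", "module": image, "pids": sorted(by_pid),
                         "hooks": len(set().union(*sets)), "uniform_across_processes": uniform,
                         "severity": "review" if uniform else "high"})
    return findings


if __name__ == "__main__":
    for f in triage(parse_gmer(SAMPLE_LOG)):
        rest = ", ".join(f"{k}={v}" for k, v in f.items() if k not in ("severity", "kind", "module"))
        print(f"[{f['severity']:>6}] {f['kind']:<6} {f['module']}: {rest}")
```

Run it as a script to print the findings for the embedded excerpt, or pass the text of a complete GMER log to parse_gmer for a real scan. On the excerpt, dwprot.sys comes out on top: it owns two SSDT entries, is attached to the NTFS and TCP device stacks, and is the module the kernel-code section could not find on disk; the chrome.exe hooks come out as a uniform set across both processes.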

Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


I am getting an error when running the kaspersky scanner: Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky online scanner 7.- and scanning of your computer requires uninterrupted internet connection. Please make sure that the internet connection is established. [error: license has expired]

I am downloading the free trial of the internet security 2011 & will post the log from it.


Don't install KIS.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\Moved Files
    • in most cases this will be C:\_OTL\Moved Files


OTL Log

OTL logfile created on: 12/10/2010 6:28:31 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\stephen\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 49.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 87.15 Gb Total Space | 8.27 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

Computer Name: MAMA | User Name: stephen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\stephen\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)

PRC - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)

PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\stephen\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)

SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)

SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

SRV - (OKI OPHD DCS Loader) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE (Oki Data Corporation)

SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)

SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)

========== Driver Services (SafeList) ==========

DRV - (tmcomm) -- C:\WINDOWS\System32\drivers\tmcomm.sys File not found

DRV - (NWUSBPort) -- C:\WINDOWS\System32\DRIVERS\nwusbser.sys File not found

DRV - (NWUSBModem) -- C:\WINDOWS\System32\DRIVERS\nwusbmdm.sys File not found

DRV - (NWADI) -- C:\WINDOWS\System32\DRIVERS\NWADIenum.sys File not found

DRV - (DwProt) -- File not found

DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()

DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (tifmsony) -- C:\WINDOWS\system32\drivers\tifmsony.sys (Texas Instruments)

DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)

DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E3D07DE
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D7A6323
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1

:files
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\Documents and Settings\stephen\Application Data\mcs.rma
C:\Documents and Settings\stephen\Application Data\F00F6F
C:\Documents and Settings\stephen\Application Data\ezpinst.exe
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Documents and Settings\All Users\Application Data\Viewpoint

:Commands
[purity]
[emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.


All processes killed

========== OTL ==========

ADS C:\Documents and Settings\All Users\Application Data\TEMP:8E3D07DE deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D7A6323 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1 deleted successfully.

========== FILES ==========

C:\sqmdata06.sqm moved successfully.

C:\sqmnoopt06.sqm moved successfully.

C:\sqmdata05.sqm moved successfully.

C:\sqmnoopt05.sqm moved successfully.

C:\sqmdata04.sqm moved successfully.

C:\sqmnoopt04.sqm moved successfully.

C:\sqmdata03.sqm moved successfully.

C:\sqmnoopt03.sqm moved successfully.

C:\Documents and Settings\stephen\Application Data\mcs.rma moved successfully.

C:\Documents and Settings\stephen\Application Data\F00F6F moved successfully.

C:\Documents and Settings\stephen\Application Data\ezpinst.exe moved successfully.

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

C:\WINDOWS\System32\SET23.tmp moved successfully.

C:\WINDOWS\System32\SET24.tmp moved successfully.

C:\WINDOWS\System32\SET30.tmp moved successfully.

C:\WINDOWS\System32\SET39.tmp moved successfully.

C:\WINDOWS\System32\SET3A.tmp moved successfully.

C:\WINDOWS\System32\SET3B.tmp moved successfully.

C:\WINDOWS\System32\SET3C.tmp moved successfully.

C:\WINDOWS\System32\SET3E.tmp moved successfully.

C:\WINDOWS\003020_.tmp moved successfully.

C:\WINDOWS\4E97AE4712934669BBF34BDE52501A1A.TMP folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32969 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->FireFox cache emptied: 1738746 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: stephen

->Temp folder emptied: 175217984 bytes

->Temporary Internet Files folder emptied: 48733101 bytes

->Java cache emptied: 12453392 bytes

->Google Chrome cache emptied: 237005417 bytes

->Apple Safari cache emptied: 1625088 bytes

->Flash cache emptied: 375166 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 834013 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65082498 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 40179775 bytes

Total Files Cleaned = 556.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12122010_222200

Files\Folders moved on Reboot...

C:\WINDOWS\temp\Perflib_Perfdata_694.dat moved successfully.

Registry entries deleted on Reboot...


  1. Download Bootkit remover to your Desktop.
  2. Extract Remover to your desktop
  3. Double-click Remover to run it (Vista users right-click and select Run as Administrator)
  4. It will show a black screen with some data on it
  5. Right click on the screen and click Select All
  6. Press Ctrl+C (on keyboard) to copy the data
  7. Open Notepad and press Ctrl+V to paste the data


Bootkit Remover

© 2009 eSage Lab

www.esagelab.com

Program version: 1.2.0.0

OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:

\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`805e2000

Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status

--------------------------------------------

93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;

Press any key to quit...

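The two things Bootkit Remover prints above, the boot-sector MD5 and whether the MBR holds recognisable boot code, are easy to reproduce and extend. The script below is an added example for this thread, not Bootkit Remover's code or anything posted by the participants: it parses a 512-byte MBR, hashes the boot code, walks the partition table and reports the checks a bootkit scan is after (signature present, boot code hash in a known-good set, exactly one active partition, no overlapping entries). The MBR it parses is constructed inline so it runs anywhere; the partition layout and the "known good" hash set are assumptions, and reading the real sector from \\.\PhysicalDrive0 (as the comment shows) needs administrator rights on Windows.

```python
"""Added example: parse and sanity-check a 512-byte master boot record.

Illustration code for this thread, not Bootkit Remover's own logic.
On a live Windows box the bytes would come from
open(r'\\.\PhysicalDrive0', 'rb').read(512) (administrator rights needed);
here build_sample_mbr() constructs one so the script runs offline.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 446        # boot code occupies bytes 0..445
PART_TABLE_OFF = 446      # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"
# status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
PART_FMT = "<B3xB3xII"


def parse_mbr(mbr: bytes) -> dict:
    """Return signature status, boot-code hash and the used partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:            # unused slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,
        })
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
        "bootsector_md5": hashlib.md5(mbr).hexdigest(),   # the value Bootkit Remover prints
        "partitions": partitions,
    }


def assess_mbr(info: dict, known_good_bootcode: set) -> list:
    """Flag what a bootkit check cares about; an empty list means 'OK'."""
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["bootcode_md5"] not in known_good_bootcode:
        findings.append("boot code hash %s is not in the known-good set" % info["bootcode_md5"])
    active = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %r" % active)
    # Overlapping entries are a classic sign of a hand-edited partition table
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in info["partitions"])
    for (_, end1, idx1), (start2, _, idx2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append("partition %d overlaps partition %d" % (idx2, idx1))
    return findings


def build_sample_mbr(bootcode: bytes = b"\xEB\x3C\x90") -> bytes:
    """CONSTRUCTED sample: a hidden recovery partition followed by an active NTFS
    partition starting at the byte offset Bootkit Remover reported for C: above
    (0x1805e2000 = LBA 12594960). The layout itself is an assumption, sized to
    roughly match the 93 GB disk in the log."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")
    entries = [
        struct.pack(PART_FMT, 0x00, 0x1B, 63, 12594960 - 63),        # hidden FAT32, inactive
        struct.pack(PART_FMT, 0x80, 0x07, 12594960, 181_000_000),    # NTFS, active
        b"\x00" * 16,
        b"\x00" * 16,
    ]
    return code + b"".join(entries) + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = parse_mbr(build_sample_mbr())
    trusted = {clean["bootcode_md5"]}     # record this after a known-clean install
    print("boot sector MD5:", clean["bootsector_md5"])
    for p in clean["partitions"]:
        print("  part %d type 0x%02X active=%s offset=0x%X" % (p["index"], p["type"], p["bootable"], p["byte_offset"]))
    print("findings:", assess_mbr(clean, trusted) or "OK")
    tampered = parse_mbr(build_sample_mbr(bootcode=b"\xE9\x00\x7C"))   # different boot code
    print("tampered findings:", assess_mbr(tampered, trusted))
```

The hash comparison only means something if the known-good value was recorded before the infection (or taken from an identical clean install), which is why Bootkit Remover's "OK (DOS/Win32 Boot code found)" is a pattern match rather than a hash check.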

DDS (Ver_10-11-10.01) - NTFSx86

Run by stephen at 8:34:25.31 on Wed 12/15/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.385 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Desktop\Virus Cleaning\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.Google.com/

uSearchMigratedDefaultURL = hxxp://www.Google.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

{7e853d72-626a-48ec-a868-ba8d5e23e045}

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Google Update] "c:\documents and settings\stephen\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [spyHunter Security Suite] "c:\program files\enigma software group\spyhunter\SpyHunter4.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: state.va.us\www.deq

Trusted Zone: verizon.com

DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab

DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} - hxxps://wip-data.webdialogs.com/components/WDATL70.CAB

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.taylorbeanonline.com/scriptx/smsx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {58D5690D-55A6-4B0B-B735-D0C82E14700C} - hxxps://wip-data.webdialogs.com/components/WDATL72.CAB

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163214234545

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://remote.ewmortgage.com/tsweb/msrdp.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} - hxxps://ilnet.wellsfargo.com/ilonline/hmUpload/enclickloanwf.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://alamodetraining.webex.com/client/v_mywebex-t20/training/ieatgpc.cab

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-11 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-11 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-11 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-11 61960]

R2 MSSQL$EMMSDE;MSSQL$EMMSDE;c:\program files\microsoft sql server\mssql$emmsde\binn\sqlservr.exe -semmsde --> c:\program files\microsoft sql server\mssql$emmsde\binn\sqlservr.exe -sEMMSDE [?]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-11-5 327000]

R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-3-2 29184]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-8-15 2944]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-8-15 61952]

S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-8-15 11008]

S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-8-15 10368]

S3 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [2006-12-26 24576]

S3 SQLAgent$EMMSDE;SQLAgent$EMMSDE;c:\program files\microsoft sql server\mssql$emmsde\binn\sqlagent.exe -i emmsde --> c:\program files\microsoft sql server\mssql$emmsde\binn\sqlagent.EXE -i EMMSDE [?]

=============== Created Last 30 ================

2010-12-13 03:22:00 -------- d-----w- C:\_OTL

2010-12-01 03:14:47 -------- d-----w- c:\documents and settings\stephen\DoctorWeb

2010-11-22 19:23:23 -------- d-----w- c:\program files\SNLayout

2010-11-21 20:07:19 28365 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\BRMFPP1.DLL

2010-11-21 20:07:19 163840 ----a-w- c:\windows\system32\BRS2MF4A.DLL

2010-11-21 20:07:19 131072 ----a-w- c:\windows\system32\BRS2MF4A.EXE

2010-11-20 01:00:59 -------- d-sha-r- C:\cmdcons

2010-11-20 00:57:02 98816 ----a-w- c:\windows\sed.exe

2010-11-20 00:57:02 89088 ----a-w- c:\windows\MBR.exe

2010-11-20 00:57:02 256512 ----a-w- c:\windows\PEV.exe

2010-11-20 00:57:02 161792 ----a-w- c:\windows\SWREG.exe

2010-11-20 00:56:32 -------- d-sh--w- c:\documents and settings\stephen\IECompatCache

2010-11-19 16:35:03 -------- d-sh--w- c:\documents and settings\stephen\IETldCache

2010-11-19 16:28:45 -------- dc-h--w- c:\windows\ie8

2010-11-19 16:26:20 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-11-19 16:26:16 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-11-19 16:26:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-11-19 16:26:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-11-19 16:26:15 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-11-19 16:26:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-11-19 16:26:13 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-11-19 16:26:10 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-11-19 13:42:31 -------- d-----w- c:\windows\system32\XPSViewer

2010-11-19 13:41:52 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-11-19 13:41:29 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-11-19 13:41:29 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-11-19 13:41:29 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-11-19 13:41:29 117760 ------w- c:\windows\system32\prntvpt.dll

2010-11-19 13:41:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-11-19 13:41:28 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-11-19 13:41:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-11-19 13:41:28 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-11-19 13:41:27 -------- d-----w- C:\d8460462b997e73eef

2010-11-19 03:25:35 -------- d-----w- c:\docume~1\stephen\applic~1\Avira

2010-11-19 01:01:10 -------- d-----w- c:\docume~1\stephen\locals~1\applic~1\Temp

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2004-08-10 04:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

============= FINISH: 8:35:51.53 ===============

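Helpers read a DDS "Pseudo HJT Report" like the one above line by line: orphaned BHO/toolbar registrations ("No File"), autoruns from user-writable paths, Trusted Zone additions, proxy settings and ActiveX (DPF) download sources. The script below is an added example that turns those checks into rules; it is not DDS or HijackThis code and was not posted in the thread. Its input is a handful of lines copied from the report above plus two lines marked CONSTRUCTED (a ProxyServer entry and a Run entry for the ezpinst.exe that OTL moved earlier), and the allow-list of DPF hosts is an assumption an analyst would replace with their own.

```python
"""Added example: scripted triage of a DDS 'Pseudo HJT Report'.

Illustration code for this thread, not part of DDS or HijackThis. The sample
lines are copied from the report above; the two marked CONSTRUCTED were added
so that every rule has something to fire on.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

SAMPLE_LINES = [
    r"uStart Page = hxxp://www.google.com/",
    r"uInternet Settings,ProxyOverride = *.local",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:8118",                         # CONSTRUCTED
    r"BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File",
    r"BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll",
    r"TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File",
    r"TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File",
    r'uRun: [Google Update] "c:\documents and settings\stephen\local settings\application data\google\update\GoogleUpdate.exe" /c',
    r"uRun: [ezpinst] c:\documents and settings\stephen\application data\ezpinst.exe",   # CONSTRUCTED
    r"mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe",
    r"mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe",
    r"Trusted Zone: state.va.us\www.deq",
    r"Trusted Zone: verizon.com",
    r"DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab",
    r"DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://remote.ewmortgage.com/tsweb/msrdp.cab",
    r"DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll",
]

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$", re.I)
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.exe)', re.I)
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-F-]+)\} - (?P<src>.+)$", re.I)
# Autorun locations a user (and therefore malware running as the user) can write to
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")
# Assumed allow-list of ActiveX download hosts the analyst recognises
KNOWN_DPF_HOSTS = {"java.sun.com", "download.macromedia.com", "update.microsoft.com"}


def exe_from_command(cmd: str) -> str:
    """Executable path from a Run value: the quoted part, else up to the first .exe."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip().lower()
    return (m.group("q") or m.group("u")).lower()


def host_of(src: str):
    """Host of a DPF source, or None for a local file. Undoes DDS's hxxp defanging."""
    src = re.sub(r"^hxxp", "http", src, flags=re.I)
    parts = urlsplit(src)
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None


def triage_report(lines, known_dpf_hosts=KNOWN_DPF_HOSTS):
    """Return (rule, detail) pairs; each is something to look at, not a verdict."""
    findings = []
    run_by_exe = defaultdict(list)
    for line in lines:
        line = line.strip()
        if line.endswith("- No File"):
            findings.append(("ORPHAN", line))            # stale BHO/toolbar registration
            continue
        if line.startswith("Trusted Zone:"):
            findings.append(("TRUSTED_ZONE", line))      # site gets relaxed IE security settings
            continue
        if "ProxyServer" in line:
            findings.append(("PROXY", line))             # browser traffic goes through a proxy
            continue
        m = RUN_RE.match(line)
        if m:
            exe = exe_from_command(m.group("cmd"))
            run_by_exe[exe].append(m.group("name"))
            if any(mark in exe for mark in PROFILE_MARKERS):
                findings.append(("RUN_IN_PROFILE", line))   # autorun from a user-writable path
            continue
        m = DPF_RE.match(line)
        if m:
            host = host_of(m.group("src"))
            if host and host not in known_dpf_hosts:
                findings.append(("DPF_UNLISTED_HOST", "%s <- %s" % (host, line)))
    for exe, names in run_by_exe.items():
        if len(names) > 1:                               # same binary under several Run names
            findings.append(("DUP_RUN", "%s registered as %s" % (exe, ", ".join(names))))
    return findings


if __name__ == "__main__":
    for rule, detail in triage_report(SAMPLE_LINES):
        print("%-18s %s" % (rule, detail))
```

RUN_IN_PROFILE fires on Google Update as well as on the constructed ezpinst line; a path under the user profile is a reason to look, not a verdict, which is why the script lists lines rather than fixing anything (the same reason the HijackThis instructions below say not to fix anything yet).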

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: BRS2MF4A.EXE

Submission date: 2010-12-15 20:20:04 (UTC)

Current status: finished

Result: 0/ 43 (0.0%)

VT Community

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2010.12.15.02 2010.12.15 -

AntiVir 7.11.0.45 2010.12.15 -

Antiy-AVL 2.0.3.7 2010.12.15 -

Avast 4.8.1351.0 2010.12.15 -

Avast5 5.0.677.0 2010.12.15 -

AVG 9.0.0.851 2010.12.15 -

BitDefender 7.2 2010.12.15 -

CAT-QuickHeal 11.00 2010.12.15 -

ClamAV 0.96.4.0 2010.12.15 -

Command 5.2.11.5 2010.12.15 -

Comodo 7072 2010.12.15 -

DrWeb 5.0.2.03300 2010.12.15 -

Emsisoft 5.1.0.1 2010.12.15 -

eSafe 7.0.17.0 2010.12.15 -

eTrust-Vet 36.1.8043 2010.12.15 -

F-Prot 4.6.2.117 2010.12.14 -

F-Secure 9.0.16160.0 2010.12.15 -

Fortinet 4.2.254.0 2010.12.15 -

GData 21 2010.12.15 -

Ikarus T3.1.1.90.0 2010.12.15 -

Jiangmin 13.0.900 2010.12.15 -

K7AntiVirus 9.73.3258 2010.12.15 -

Kaspersky 7.0.0.125 2010.12.15 -

McAfee 5.400.0.1158 2010.12.15 -

McAfee-GW-Edition 2010.1C 2010.12.15 -

Microsoft 1.6402 2010.12.15 -

NOD32 5706 2010.12.15 -

Norman 6.06.12 2010.12.15 -

nProtect 2010-12-15.02 2010.12.15 -

Panda 10.0.2.7 2010.12.15 -

PCTools 7.0.3.5 2010.12.15 -

Prevx 3.0 2010.12.15 -

Rising 22.78.01.04 2010.12.15 -

Sophos 4.60.0 2010.12.15 -

SUPERAntiSpyware 4.40.0.1006 2010.12.15 -

Symantec 20101.3.0.103 2010.12.15 -

TheHacker 6.7.0.1.101 2010.12.15 -

TrendMicro 9.120.0.1004 2010.12.15 -

TrendMicro-HouseCall 9.120.0.1004 2010.12.15 -

VBA32 3.12.14.2 2010.12.14 -

VIPRE 7665 2010.12.15 -

ViRobot 2010.12.15.4202 2010.12.15 -

VirusBuster 13.6.96.0 2010.12.15 -


MD5 : bda0d5f8767012e18c06fada5ed8a8ec

SHA1 : 4e183d2c118c1b17efdd5776ebdf1a5d03a53eeb

SHA256: 36fed972d974395baa2ba727bad0f862042c37b9758407543634ac1a06993782

ssdeep: 3072:Kp+xCz4ySXMsxg5aXkrr9L22+z/I/wsnwbCXoNG:KcxNXMRk0VLkCM

File size : 131072 bytes

First seen: 2009-05-11 18:11:06

Last seen : 2010-12-15 20:20:04

TrID:

Win64 Executable Generic (54.6%)

Win32 Executable MS Visual C++ (generic) (24.0%)

Windows Screen Saver (8.3%)

Win32 Executable Generic (5.4%)

Win32 Dynamic Link Library (generic) (4.8%)

sigcheck:

publisher....: Brother Industries,ltd

copyright....: Copyright © Brother Industries, ltd 2003

product......: Brother brspl03x

description..: brspl03x

original name: brspl03x.exe

internal name: brspl03x

file version.: 3.70

comments.....:

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: Armadillo v1.71

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x132AC

timedatestamp....: 0x4007379D (Fri Jan 16 01:00:13 2004)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x17FFD, 0x18000, 6.57, a99a7088ddfd0bacce13be7cd594f6f0

.rdata, 0x19000, 0x1D32, 0x2000, 5.35, 4ba614b11946d7f3a5a6cc5662ab012d

.data, 0x1B000, 0x12638, 0x4000, 2.79, 8256ead965980bb5d21ab8861674571c

.rsrc, 0x2E000, 0x728, 0x1000, 1.67, 99552165900677a7f1dcd9d3d756a0bb

[[ 6 import(s) ]]

KERNEL32.dll: SetEndOfFile, GetTempPathW, GlobalFree, OpenFile, GetWindowsDirectoryW, ExitThread, _lclose, CreateDirectoryW, GetProcAddress, GetPrivateProfileIntA, LocalSize, QueryDosDeviceA, GetProfileIntA, lstrcmpiW, lstrcatW, CreateFileA, GetTempFileNameW, GetVersionExA, lstrcpyA, FindResourceA, LoadResource, SetEvent, lstrcatA, GetLocalTime, MoveFileExW, GetThreadPriority, SetThreadPriority, GetFileTime, GetPrivateProfileStringW, GetSystemTimeAsFileTime, GlobalLock, WritePrivateProfileStringW, GlobalAlloc, SetFilePointer, GlobalUnlock, lstrcpynW, WideCharToMultiByte, GetFileSize, ReadFile, CopyFileW, DeleteFileW, MultiByteToWideChar, GetPrivateProfileStringA, MoveFileW, DeleteCriticalSection, GetSystemDirectoryA, GetUserDefaultLangID, WritePrivateProfileStringA, _lread, LoadLibraryA, GetExitCodeThread, lstrcpynA, GetCurrentThread, _llseek, FreeLibrary, IsValidCodePage, GetLastError, DeleteFileA, LocalHandle, MoveFileA, LeaveCriticalSection, InitializeCriticalSection, EnterCriticalSection, LocalReAlloc, lstrcmpW, lstrlenW, GetTempFileNameA, lstrcpyW, GetTempPathA, LocalLock, LocalAlloc, LocalFree, lstrcmpiA, lstrlenA, LocalUnlock, LCMapStringA, GetStringTypeW, GetOEMCP, GetACP, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, GetCurrentProcess, TerminateProcess, ExitProcess, CloseHandle, WaitForSingleObject, Sleep, CreateThread, CreateEventA, GlobalDeleteAtom, GlobalAddAtomA, GlobalFindAtomA, GetModuleFileNameA, WriteFile, CreateFileW, LCMapStringW, FlushFileBuffers, GetFileType, GetEnvironmentVariableA, GetStringTypeA, HeapDestroy, SetStdHandle, HeapReAlloc, VirtualAlloc, HeapAlloc, HeapCreate, GetCPInfo, RtlUnwind, HeapFree, VirtualFree

USER32.dll: SendMessageA, wsprintfA, wsprintfW, InvalidateRect, EndDialog, GetClientRect, MessageBoxA, GetDC, ReleaseDC, FillRect, LoadStringW, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, LoadStringA, RegisterClassExA, LoadCursorA, LoadIconA, UpdateWindow, ShowWindow, MoveWindow, GetWindowRect, CreateWindowExA, DialogBoxParamA, DestroyWindow, KillTimer, EndPaint, BeginPaint, DefWindowProcA, SetTimer, PostQuitMessage, CharLowerA

GDI32.dll: DeleteEnhMetaFile, SaveDC, SetGraphicsMode, SetBrushOrgEx, DeleteDC, SetStretchBltMode, RemoveFontResourceW, CreateScalableFontResourceW, CreateDCA, SetWorldTransform, GetWorldTransform, AddFontResourceW, CreateRectRgnIndirect, ExtSelectClipRgn, ModifyWorldTransform, SelectObject, DeleteObject, CreatePen, LineTo, GetDeviceCaps, MoveToEx, GetEnhMetaFileA, SetMapMode, RestoreDC, CloseEnhMetaFile, EnumFontsW, CreateEnhMetaFileA, PlayEnhMetaFileRecord, PlayEnhMetaFile, GdiComment, StartDocA, EndDoc, EnumEnhMetaFile, CreateSolidBrush, EndPage, StartPage, SetTextAlign, FillPath, CreateFontIndirectW, BeginPath, GetTextExtentPoint32A, EndPath, TextOutA, SetTextColor, GetTextAlign, SetBkMode, GetTextExtentPoint32W, SetBkColor, GetStockObject, FillRgn, TextOutW, SelectClipPath, StrokePath, SetROP2, CreateRectRgn, CreatePenIndirect, SetPolyFillMode, CreateCompatibleBitmap, CreateCompatibleDC, StretchBlt, GetEnhMetaFileHeader, StretchDIBits

WINSPOOL.DRV: GetPrinterA, AddJobW, OpenPrinterW, EnumJobsW, GetJobW, SetJobW, ScheduleJob, SetJobA, EnumPrintersA, EnumJobsA, GetJobA, OpenPrinterA, ClosePrinter, GetPrinterDriverDirectoryA, EnumPrintersW, AddPrinterConnectionA

comdlg32.dll: GetOpenFileNameA

ADVAPI32.dll: RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegQueryValueExW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetFileSecurityA, RegEnumValueW, RegSetValueExW

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 98304

Comments:

CompanyName: Brother Industries,ltd

EntryPoint: 0x132ac

FileDescription: brspl03x

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 128 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 3.7

FileVersionNumber: 3.7.0.2

ImageVersion: 0.0

InitializedDataSize: 90112

InternalName: brspl03x

LanguageCode: English (U.S.)

LegalCopyright: Copyright Brother Industries, ltd 2003

LegalTrademarks:

LinkerVersion: 6.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Executable application

OriginalFilename: brspl03x.exe

PEType: PE32

PrivateBuild:

ProductName: Brother brspl03x

ProductVersion: 3.7

ProductVersionNumber: 3.7.0.2

SpecialBuild:

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2004:01:16 02:00:13+01:00

UninitializedDataSize: 0

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: BRS2MF4A.dll

Submission date: 2010-12-15 20:25:53 (UTC)

Current status: finished

Result: 0/ 43 (0.0%)

VT Community

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2010.12.15.02 2010.12.15 -

AntiVir 7.11.0.45 2010.12.15 -

Antiy-AVL 2.0.3.7 2010.12.15 -

Avast 4.8.1351.0 2010.12.15 -

Avast5 5.0.677.0 2010.12.15 -

AVG 9.0.0.851 2010.12.15 -

BitDefender 7.2 2010.12.15 -

CAT-QuickHeal 11.00 2010.12.15 -

ClamAV 0.96.4.0 2010.12.15 -

Command 5.2.11.5 2010.12.15 -

Comodo 7072 2010.12.15 -

DrWeb 5.0.2.03300 2010.12.15 -

Emsisoft 5.1.0.1 2010.12.15 -

eSafe 7.0.17.0 2010.12.15 -

eTrust-Vet 36.1.8043 2010.12.15 -

F-Prot 4.6.2.117 2010.12.14 -

F-Secure 9.0.16160.0 2010.12.15 -

Fortinet 4.2.254.0 2010.12.15 -

GData 21 2010.12.15 -

Ikarus T3.1.1.90.0 2010.12.15 -

Jiangmin 13.0.900 2010.12.15 -

K7AntiVirus 9.73.3258 2010.12.15 -

Kaspersky 7.0.0.125 2010.12.15 -

McAfee 5.400.0.1158 2010.12.15 -

McAfee-GW-Edition 2010.1C 2010.12.15 -

Microsoft 1.6402 2010.12.15 -

NOD32 5706 2010.12.15 -

Norman 6.06.12 2010.12.15 -

nProtect 2010-12-15.02 2010.12.15 -

Panda 10.0.2.7 2010.12.15 -

PCTools 7.0.3.5 2010.12.15 -

Prevx 3.0 2010.12.15 -

Rising 22.78.01.04 2010.12.15 -

Sophos 4.60.0 2010.12.15 -

SUPERAntiSpyware 4.40.0.1006 2010.12.15 -

Symantec 20101.3.0.103 2010.12.15 -

TheHacker 6.7.0.1.101 2010.12.15 -

TrendMicro 9.120.0.1004 2010.12.15 -

TrendMicro-HouseCall 9.120.0.1004 2010.12.15 -

VBA32 3.12.14.2 2010.12.14 -

VIPRE 7665 2010.12.15 -

ViRobot 2010.12.15.4202 2010.12.15 -

VirusBuster 13.6.96.0 2010.12.15 -


MD5 : 6b35b7c1546c128bca65b18d064c591c

SHA1 : ac99cbacc9d3366119e1b0091a24dbb21bd58f24

SHA256: c063115e354b092a041d6342a70549f467154f651b39f8235e8a91014092c354

ssdeep: 1536:H51hz5T9CW7MUSwK4lAqXVuoTUxj941RMnSF7/mrs:ZLDBR3Fuo4xy1R/rm

File size : 163840 bytes

First seen: 2009-06-14 20:53:56

Last seen : 2010-12-15 20:25:53

TrID:

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

sigcheck:

publisher....: Brother Industries, Ltd

copyright....: Copyright © Brother Industries, Ltd. 2003

product......:

description..: brs2mf4a.dll

original name: brs2mf4a.dll

internal name: brs2mf4a.dll

file version.: 1.05

comments.....:

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: Armadillo v1.xx - v2.xx

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x2B19

timedatestamp....: 0x3FE23D49 (Thu Dec 18 23:50:33 2003)

machinetype......: 0x14c (I386)

[[ 5 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x6CA6, 0x7000, 6.47, a19188d29546fdbab9bfe417aeb64251

.rdata, 0x8000, 0x1351, 0x2000, 3.79, 7a399cbe2284db1c4fdbd0d7f6f65e10

.data, 0xA000, 0x4CA0, 0x4000, 1.44, bb3d45cfa42d714b8d9913951d396fe4

.rsrc, 0xF000, 0x17F40, 0x18000, 2.40, cb0d9b6cb18cbd9c24541d3e3eeac5c1

.reloc, 0x27000, 0x11E0, 0x2000, 2.70, 07f4f6470cfa9956105248af95f687be

[[ 5 import(s) ]]

KERNEL32.dll: GlobalUnlock, LocalLock, GlobalFree, GlobalLock, GlobalAlloc, GetTickCount, LoadLibraryA, GetUserDefaultLangID, GetLastError, GetStdHandle, GetFileType, SetHandleCount, CloseHandle, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, RtlUnwind, SetStdHandle, GetProcAddress, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, GetCPInfo, HeapAlloc, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, LocalUnlock, InterlockedDecrement, GetStartupInfoA, WriteFile, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, InterlockedIncrement, GetEnvironmentStrings, HeapFree, SetFilePointer, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree

USER32.dll: ClientToScreen, GetSystemMetrics, MoveWindow, IsWindowVisible, GetWindowRect, GetClientRect, GetDC, GetParent, SetDlgItemTextA, GetDlgItemTextA, SetActiveWindow, SetWindowPos, EndDialog, DialogBoxParamA, GetActiveWindow, EndPaint, FillRect, GetSysColor, BeginPaint, GetWindowLongA, DefWindowProcA, SetWindowLongA, LoadBitmapA, RegisterClassA, LoadCursorA, LoadStringA, SetTimer, CreateDialogParamA, ShowWindow, GetMessageA, IsDialogMessageA, TranslateMessage, DispatchMessageA, SetWindowTextA, DestroyWindow, ReleaseDC

GDI32.dll: GetClipBox, CreateCompatibleBitmap, GetMapMode, BitBlt, SetStretchBltMode, DeleteDC, CreateCompatibleDC, DeleteObject, SelectObject, CreateSolidBrush, StretchBlt, DPtoLP, CreateBitmap, GetObjectA, GetStockObject, SetMapMode, SetBkColor, PatBlt

WINSPOOL.DRV: GetPrinterDriverDirectoryA

ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegQueryValueExA, RegEnumValueA, RegCreateKeyExA

[[ 6 export(s) ]]

DiskFulErrorDialog, FRegisterBitmapControl, GetDeviceDependentInfo, MemfullErrorDialog, OpenDuplexDlg, RawWarningDialog

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 28672

Comments:

CompanyName: Brother Industries, Ltd

EntryPoint: 0x2b19

FileDescription: brs2mf4a.dll

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 160 kB

FileSubtype: 0

FileType: Win32 DLL

FileVersion: 1.05

FileVersionNumber: 1.0.5.1

ImageVersion: 0.0

InitializedDataSize: 135168

InternalName: brs2mf4a.dll

LanguageCode: English (U.S.)

LegalCopyright: Copyright Brother Industries, Ltd. 2003

LegalTrademarks:

LinkerVersion: 6.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Dynamic link library

OriginalFilename: brs2mf4a.dll

PEType: PE32

PrivateBuild:

ProductName:

ProductVersion: 1.05

ProductVersionNumber: 1.0.5.1

SpecialBuild:

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2003:12:19 00:50:33+01:00

UninitializedDataSize: 0

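When a recently created file in system32 comes back 0/43 and unsigned, the PEInfo block in the VirusTotal reports above (machine type, link timestamp, entry point, section list with entropy) is what you read next. The script below is an added example, not VirusTotal's or any participant's code: it reads those fields from the PE headers, computes Shannon entropy per section, checks where the entry point lands, and hashes the image the way you would before a VirusTotal lookup. It builds a small two-section PE32 image inline so it runs offline; the machine type, timestamp and linker version are copied from the BRS2MF4A.EXE report, everything else in the image is an assumption.

```python
"""Added example: read the fields VirusTotal's PEInfo shows and compute
per-section entropy (illustration code, not VirusTotal's own scanner)."""
import hashlib
import math
import struct
import time

DOS_E_LFANEW_OFF = 0x3C
# Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, PtrReloc, PtrLine, NReloc, NLine, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed or encrypted data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Pull the header fields PEInfo reports out of a PE32/PE32+ image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", image, DOS_E_LFANEW_OFF)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, image, pe_off + 4)
    opt_off = pe_off + 24
    magic, = struct.unpack_from("<H", image, opt_off)
    entry_rva, = struct.unpack_from("<I", image, opt_off + 16)   # AddressOfEntryPoint (same offset in PE32 and PE32+)
    sections = []
    sec_off = opt_off + opt_size
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, *_ = struct.unpack_from(SECTION_FMT, image, sec_off + 40 * i)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "rawsize": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {
        "machine": machine, "pe32plus": magic == 0x20B,
        "timestamp": timestamp,
        "timestamp_utc": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(timestamp)),
        "entry_rva": entry_rva,
        "sections": sections,
        "md5": hashlib.md5(image).hexdigest(),
        "sha256": hashlib.sha256(image).hexdigest(),
    }


def entry_section(info: dict):
    """Name of the section holding the entry point, or None if it points outside all of them."""
    for s in info["sections"]:
        if s["va"] <= info["entry_rva"] < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return None


def triage_pe(info: dict, packed_threshold: float = 7.0) -> list:
    """Rules of thumb, not verdicts: high-entropy sections and odd entry points."""
    findings = []
    for s in info["sections"]:
        if s["entropy"] >= packed_threshold:
            findings.append("section %s entropy %.2f: likely packed or encrypted" % (s["name"], s["entropy"]))
    ep = entry_section(info)
    if ep is None:
        findings.append("entry point 0x%X is outside every section" % info["entry_rva"])
    elif ep != ".text":
        findings.append("entry point is in %s, not .text" % ep)
    return findings


def build_sample_pe() -> bytes:
    """CONSTRUCTED two-section PE32 image. Machine type, timestamp and linker version
    come from the BRS2MF4A.EXE report above; the rest is made up for the example."""
    hdr_size = 0x200
    text_raw, seed = b"", b"constructed sample"
    while len(text_raw) < 2048:                   # chained SHA-256 output: deterministic, high entropy
        seed = hashlib.sha256(seed).digest()
        text_raw += seed
    data_raw = b"\0" * 1536 + b"A" * 512          # mostly zeros: low entropy
    dos = (b"MZ" + b"\0" * (DOS_E_LFANEW_OFF - 2) + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    coff = struct.pack(COFF_FMT, 0x14C, 2, 0x4007379D, 0, 0, 224, 0x010F)
    # Magic, MajorLinker, MinorLinker, SizeOfCode, SizeOfInitData, SizeOfUninitData, EntryPoint, BaseOfCode, BaseOfData
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, len(text_raw), len(data_raw), 0, 0x1010, 0x1000, 0x2000).ljust(224, b"\0")
    secs = struct.pack(SECTION_FMT, b".text", len(text_raw), 0x1000, len(text_raw), hdr_size, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SECTION_FMT, b".data", len(data_raw), 0x2000, len(data_raw), hdr_size + len(text_raw), 0, 0, 0, 0, 0xC0000040)
    return (dos + b"PE\0\0" + coff + opt + secs).ljust(hdr_size, b"\0") + text_raw + data_raw


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("machine 0x%X  linked %s UTC  entry 0x%X (%s)" % (info["machine"], info["timestamp_utc"], info["entry_rva"], entry_section(info)))
    for s in info["sections"]:
        print("  %-8s va=0x%05X raw=%5d entropy=%.2f md5=%s" % (s["name"], s["va"], s["rawsize"], s["entropy"], s["md5"]))
    print("sha256 for a VirusTotal lookup:", info["sha256"])
    print("findings:", triage_pe(info) or "none")
```

On a real sample replace build_sample_pe() with open(path, "rb").read(). The 7.0 entropy threshold is a rule of thumb: the .text section in the report above scores 6.57 under Armadillo, so a packed file can sit below it, and a clean file with compressed resources can sit above it.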

Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:35:53 PM, on 12/19/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O15 - Trusted Zone: http://www.deq.state.va.us

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} (ApplicationSharing Class) - https://wip-data.webdialogs.com/components/WDATL70.CAB

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {58D5690D-55A6-4B0B-B735-D0C82E14700C} (ApplicationSharing Class) - https://wip-data.webdialogs.com/components/WDATL72.CAB

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163214234545

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://remote.ewmortgage.com/tsweb/msrdp.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

O16 - DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} (EnClickLoanWF Control) - https://ilnet.wellsfargo.com/ilonline/hmUpl...clickloanwf.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://alamodetraining.webex.com/client/v_...ing/ieatgpc.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: OKI OPHD DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 14601 bytes

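As an added example (not part of the original thread, and not HijackThis code), the script below parses lines in the HijackThis v2 log format shown above and does the first-pass triage a helper does by eye: it counts entries per section and flags the entry types worth a second look, which is also why the instructions say not to let HijackThis "fix" everything. The sample lines are constructed, modelled on a few entries from the posted log; the flagging rules are this script's own heuristics, and an orphaned "(no file)" entry or a plain-HTTP DPF download is a cleanup candidate, not proof of infection.

```python
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format, modelled on entries from the
# log posted above (a handful of lines, not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://www.deq.state.va.us
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} (ApplicationSharing Class) - https://wip-data.webdialogs.com/components/WDATL70.CAB
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HJT entry starts with a section code (R0/R1 IE URL settings, O2 BHOs,
# O4 autoruns, O15 trusted zone, O16 downloaded ActiveX, O23 services, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# O4 body: HKLM\..\Run: [name] "C:\path\prog.exe" /args   or   [name] prog.exe
O4_CMD_RE = re.compile(r'\] (?P<cmd>"[^"]+"|\S+)')


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_hjt(text: str) -> List[Entry]:
    """Return the R/O entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def summary(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per section code, e.g. {'O2': 2, 'O16': 2}."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def triage(entries: List[Entry]) -> List[Finding]:
    """Heuristic first pass (this script's own rules, not HijackThis logic)."""
    findings = []
    for e in entries:
        if e.section in ("O2", "O9") and "(no file)" in e.body:
            # Registered COM object whose DLL is gone: a leftover that is safe to
            # fix, but it cannot be what is doing the redirects.
            findings.append(Finding(e, "orphaned registration, file missing"))
        elif e.section == "O4":
            m = O4_CMD_RE.search(e.body)
            cmd = m.group("cmd").strip('"') if m else ""
            if cmd and not ABS_PATH_RE.match(cmd):
                # Bare filename: Windows resolves it through the search path, so
                # confirm which file actually runs before calling it benign.
                findings.append(Finding(e, f"autorun with unqualified path {cmd!r}"))
        elif e.section == "O15":
            findings.append(Finding(e, "site in IE Trusted Zone runs with relaxed security"))
        elif e.section == "O16":
            # DPF entries are ActiveX controls IE downloaded from a URL.
            target = e.body.rsplit(" - ", 1)[-1]
            if target.lower().startswith("http://"):
                host = urlparse(target).hostname
                findings.append(Finding(e, f"ActiveX control fetched over plain HTTP from {host}"))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", summary(parsed))
    for f in triage(parsed):
        print(f"{f.entry.section}: {f.reason}\n    {f.entry.body}")
```

Run it against a saved hijackthis.log by passing the file contents to parse_hjt; entries with a full path to a file that exists and a known vendor (the Avira, Java and Apple lines in the sample) are deliberately left alone, which is the same reason the helper asks for the log rather than a "fix everything" pass.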

I really can't find the problem.

Download avz4.zip from: http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip

  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: avz-update-button.png
  • Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again.

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    avz-standardscripts-asa-removal.png
  • Click on the "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted:

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
    avz-standardscripts-asa.png
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post.


This topic is now closed to further replies.