
Help with Google redirect virus and Troj/TDL3-Mem-B


Caroleb

Yesterday, I was infected by a Troj/TDL3-Mem-B, despite having every update on my computer (Windows 7), and running Sophos. I had someone come in and use Malwarebytes to get rid of it, which it apparently did. Well, today, it has reappeared and I am suspecting that the Google redirect problem is secondary to this. The Sophos scan found the recurring infection, but Malwarebytes apparently isn't, although I have the latest version, and I just updated the definitions again. I am really baffled and frustrated to say the least. I would be so grateful for some help.


Hello Caroleb! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here or here.

Disable any script blocker, and then double-click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


I am not certain I know how to disable script blockers (let me know if you can tell and thank you again).

The required zip file is attached and I copied and pasted the other below.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Rivka at 17:16:40.12 on Wed 02/23/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.619 [GMT -7:00]
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: TOSHIBA_THNSNB128GMLJ rev.BJSA0202 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys shpf.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85E31735]<<
c:\windows\system32\drivers\shpf.sys Sony Corporation Sony HDD Protection
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85e37990]; MOV EAX, [0x85e37a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C3E448] -> \Device\Harddisk0\DR0[0x85E163A8]
3 CLASSPNP[0x837A859E] -> ntkrnlpa!IofCallDriver[0x82C3E448] -> [0x85E16900]
5 shpf[0x88FE2D03] -> ntkrnlpa!IofCallDriver[0x82C3E448] -> [0x85D3D918]
7 ACPI[0x834253B2] -> ntkrnlpa!IofCallDriver[0x82C3E448] -> \IdeDeviceP0T0L0-0[0x850A4610]
\Driver\atapi[0x85E1A910] -> IRP_MJ_CREATE -> 0x85E31735
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskTOSHIBA_THNSNB128GMLJ___________________BJSA0202#5&2f61bdc3&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 17:19:28.94 ===============

DDS.zip

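The ROOTKIT section of the DDS log above is GMER reading sector 0 twice, once through the normal Windows path and once from the kernel, and flagging the mismatch ("user != kernel MBR"). As an added illustration that is not part of this thread or of GMER, the Python below builds two constructed 512-byte MBR images and shows what that comparison checks, assuming a classic (non-GPT) MBR layout.

```python
import hashlib
import struct

# Layout of a classic (non-GPT) MBR: 446 bytes bootstrap code, 4 x 16-byte
# partition entries, then the 0x55AA boot signature.
MBR_SIZE = 512
BOOT_CODE_END = 446
PART_TABLE_END = 510
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Split one 512-byte MBR image into its regions and decode the partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected exactly %d bytes, got %d" % (MBR_SIZE, len(mbr)))
    partitions = []
    for index in range(4):
        offset = BOOT_CODE_END + 16 * index
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, offset)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({
                "index": index,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[PART_TABLE_END:] == BOOT_SIGNATURE,
    }


def compare_mbr_views(user_view: bytes, kernel_view: bytes) -> dict:
    """Report which MBR regions differ between two reads of sector 0.

    A rootkit that hooks the disk stack can hand a clean copy to ordinary
    readers while the real sector holds its loader; a mismatch between the
    two views is the signal GMER prints as "user != kernel MBR".
    """
    if len(user_view) != MBR_SIZE or len(kernel_view) != MBR_SIZE:
        raise ValueError("both views must be 512 bytes")
    diff_offsets = [i for i in range(MBR_SIZE) if user_view[i] != kernel_view[i]]
    return {
        "identical": not diff_offsets,
        "boot_code_differs": any(i < BOOT_CODE_END for i in diff_offsets),
        "partition_table_differs": any(BOOT_CODE_END <= i < PART_TABLE_END for i in diff_offsets),
        "signature_differs": any(i >= PART_TABLE_END for i in diff_offsets),
        "first_diff_offset": diff_offsets[0] if diff_offsets else None,
    }


def verdict(user_view: bytes, kernel_view: bytes) -> str:
    """One-line summary in the spirit of the GMER output shown in the log."""
    result = compare_mbr_views(user_view, kernel_view)
    if result["identical"]:
        return "user == kernel MBR: no MBR-level hook detected"
    regions = [name for name in ("boot_code", "partition_table", "signature")
               if result[name + "_differs"]]
    return "user != kernel MBR: %s differ (first at offset %d)" % (
        ", ".join(regions), result["first_diff_offset"])


# --- Constructed sample data (not from any real disk) ----------------------
def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a syntactically valid MBR around caller-supplied bootstrap bytes."""
    boot_code = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    # One bootable NTFS (0x07) partition starting at LBA 2048, 250,000,000 sectors.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
                        2048, 250_000_000)
    table = entry + b"\x00" * 16 * 3
    return boot_code + table + BOOT_SIGNATURE


# Clean view: a placeholder bootstrap area (all NOPs) standing in for the real loader.
CLEAN_MBR = build_sample_mbr(b"\x90" * BOOT_CODE_END)
# Tampered view: different bootstrap bytes but an untouched partition table and
# signature, so the machine still boots normally and nothing looks wrong from Windows.
TAMPERED_MBR = build_sample_mbr(b"\xcc" * 64 + b"\x90" * (BOOT_CODE_END - 64))

if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR)["partitions"])
    print(verdict(CLEAN_MBR, CLEAN_MBR))
    print(verdict(CLEAN_MBR, TAMPERED_MBR))
```

The partition table staying identical while only the bootstrap bytes differ is the pattern to watch for: the system keeps booting, so the only visible symptom may be something like the browser redirects described in this thread.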

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

In your next reply, please post the following logs:

  • TDSSKiller log
  • a new fresh DDS log only


Hi Borislav,

Thank you again for your help. I actually ran the TDSSKiller this AM to see if it would work (I have been obsessing about how to deal with this since last night), and it did find the virus. I ran it again just now (log attached). Per your instructions, I am also attaching a new DDS log. I also ran a Sophos scan, and this time it didn't find anything. Google seems to be working normally, but as you said, sometimes these things look gone and they are not, so I appreciate your letting me know either way.

Now a big question: Since Sophos didn't react in time to prevent this infection, and since Malwarebytes didn't detect it, how am I supposed to protect myself from these things in the future? I really don't do anything creative with my computer, everything (Windows, etc.) is constantly updated, and I got this virus from what is supposed to be a trusted real estate website. Is there an antivirus software out there that could have prevented this?

TDSSKiller.2.4.18.0_24.02.2011_08.16.06_log.txt

DDS.txt


OK, there you go:

2011/02/24 08:16:06.0824 7864 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/24 08:16:07.0355 7864 ================================================================================
2011/02/24 08:16:07.0355 7864 SystemInfo:
2011/02/24 08:16:07.0355 7864
2011/02/24 08:16:07.0355 7864 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/24 08:16:07.0355 7864 Product type: Workstation
2011/02/24 08:16:07.0355 7864 ComputerName: RIVKA-VAIO
2011/02/24 08:16:07.0355 7864 UserName: Rivka
2011/02/24 08:16:07.0355 7864 Windows directory: C:\Windows
2011/02/24 08:16:07.0355 7864 System windows directory: C:\Windows
2011/02/24 08:16:07.0355 7864 Processor architecture: Intel x86
2011/02/24 08:16:07.0355 7864 Number of processors: 2
2011/02/24 08:16:07.0355 7864 Page size: 0x1000
2011/02/24 08:16:07.0355 7864 Boot type: Normal boot
2011/02/24 08:16:07.0355 7864 ================================================================================
2011/02/24 08:16:08.0681 7864 Initialize success
2011/02/24 08:16:10.0849 7960 ================================================================================
2011/02/24 08:16:10.0849 7960 Scan started
2011/02/24 08:16:10.0849 7960 Mode: Manual;
2011/02/24 08:16:10.0849 7960 ================================================================================


2011/02/24 08:16:35.0889 7960 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\drivers\msiscsi.sys

2011/02/24 08:16:36.0871 7960 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/02/24 08:16:37.0059 7960 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/02/24 08:16:37.0277 7960 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/02/24 08:16:37.0776 7960 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2011/02/24 08:16:38.0151 7960 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/02/24 08:16:38.0541 7960 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys

2011/02/24 08:16:38.0712 7960 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys

2011/02/24 08:16:38.0931 7960 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys

2011/02/24 08:16:39.0149 7960 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys

2011/02/24 08:16:39.0305 7960 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/02/24 08:16:39.0508 7960 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys

2011/02/24 08:16:39.0648 7960 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys

2011/02/24 08:16:39.0820 7960 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/02/24 08:16:39.0991 7960 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/02/24 08:16:40.0163 7960 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/02/24 08:16:40.0288 7960 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/02/24 08:16:40.0475 7960 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2011/02/24 08:16:40.0615 7960 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\drivers\mpio.sys

2011/02/24 08:16:40.0771 7960 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/02/24 08:16:41.0021 7960 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/02/24 08:16:41.0193 7960 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/02/24 08:16:41.0333 7960 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/02/24 08:16:41.0473 7960 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/02/24 08:16:41.0614 7960 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\drivers\msahci.sys

2011/02/24 08:16:41.0801 7960 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\drivers\msdsm.sys

2011/02/24 08:16:42.0019 7960 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/02/24 08:16:42.0160 7960 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/02/24 08:16:42.0347 7960 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/02/24 08:16:42.0628 7960 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/02/24 08:16:42.0799 7960 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/02/24 08:16:42.0971 7960 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/02/24 08:16:43.0143 7960 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/02/24 08:16:43.0314 7960 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/02/24 08:16:43.0517 7960 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/02/24 08:16:43.0673 7960 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys

2011/02/24 08:16:43.0860 7960 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/02/24 08:16:44.0094 7960 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/02/24 08:16:44.0313 7960 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2011/02/24 08:16:44.0484 7960 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/02/24 08:16:44.0656 7960 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/02/24 08:16:44.0843 7960 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/02/24 08:16:45.0015 7960 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/02/24 08:16:45.0186 7960 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/02/24 08:16:45.0358 7960 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/02/24 08:16:45.0529 7960 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/02/24 08:16:45.0857 7960 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys

2011/02/24 08:16:46.0075 7960 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/02/24 08:16:46.0216 7960 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/02/24 08:16:46.0450 7960 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2011/02/24 08:16:46.0653 7960 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/02/24 08:16:46.0824 7960 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\drivers\nvraid.sys

2011/02/24 08:16:47.0027 7960 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\drivers\nvstor.sys

2011/02/24 08:16:47.0261 7960 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/02/24 08:16:47.0464 7960 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/02/24 08:16:48.0618 7960 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys

2011/02/24 08:16:48.0743 7960 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/02/24 08:16:48.0883 7960 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys

2011/02/24 08:16:49.0071 7960 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\drivers\pci.sys

2011/02/24 08:16:49.0211 7960 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/02/24 08:16:49.0445 7960 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys

2011/02/24 08:16:49.0819 7960 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/02/24 08:16:49.0975 7960 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/02/24 08:16:50.0818 7960 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/02/24 08:16:50.0974 7960 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys

2011/02/24 08:16:52.0191 7960 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/02/24 08:16:52.0440 7960 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys

2011/02/24 08:16:52.0627 7960 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys

2011/02/24 08:16:53.0641 7960 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/02/24 08:16:53.0751 7960 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/02/24 08:16:53.0860 7960 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/02/24 08:16:54.0047 7960 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/02/24 08:16:54.0203 7960 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/02/24 08:16:54.0328 7960 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/02/24 08:16:54.0453 7960 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/02/24 08:16:54.0609 7960 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys

2011/02/24 08:16:54.0796 7960 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/02/24 08:16:54.0967 7960 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/02/24 08:16:55.0155 7960 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/02/24 08:16:55.0311 7960 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/02/24 08:16:55.0451 7960 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/02/24 08:16:55.0638 7960 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/02/24 08:16:55.0763 7960 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\Windows\system32\Drivers\RimUsb.sys

2011/02/24 08:16:55.0903 7960 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

2011/02/24 08:16:56.0059 7960 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys

2011/02/24 08:16:56.0247 7960 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys

2011/02/24 08:16:56.0699 7960 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/02/24 08:16:56.0933 7960 SAVOnAccess (ae668d3f43fc90bc17f62e08ff82a446) C:\Windows\system32\DRIVERS\savonaccess.sys

2011/02/24 08:16:57.0089 7960 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\drivers\sbp2port.sys

2011/02/24 08:16:57.0261 7960 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/02/24 08:16:57.0495 7960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/02/24 08:16:57.0729 7960 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/02/24 08:16:57.0853 7960 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys

2011/02/24 08:16:57.0978 7960 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys

2011/02/24 08:16:58.0165 7960 SFEP (dcaff7089185e6461b92d3d3a17ba295) C:\Windows\system32\drivers\SFEP.sys

2011/02/24 08:16:58.0306 7960 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/02/24 08:16:58.0431 7960 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/02/24 08:16:58.0602 7960 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\drivers\sffp_sd.sys

2011/02/24 08:16:58.0711 7960 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys

2011/02/24 08:16:58.0945 7960 shpf (0e0e7ecaf83f793effa080685e24d2db) C:\Windows\system32\DRIVERS\shpf.sys

2011/02/24 08:16:59.0257 7960 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/02/24 08:16:59.0382 7960 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys

2011/02/24 08:16:59.0523 7960 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys

2011/02/24 08:16:59.0663 7960 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/02/24 08:16:59.0913 7960 SophosBootDriver (f2b7bd04146b3e6a895a1919e1f5da89) C:\Windows\system32\DRIVERS\SophosBootDriver.sys

2011/02/24 08:17:00.0100 7960 SPI (fa3daa12247ea580b2c6c37bd4933ea1) C:\Windows\system32\drivers\SonyPI.sys

2011/02/24 08:17:00.0271 7960 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/02/24 08:17:00.0568 7960 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2011/02/24 08:17:00.0708 7960 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2011/02/24 08:17:00.0864 7960 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2011/02/24 08:17:01.0036 7960 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys

2011/02/24 08:17:01.0239 7960 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/02/24 08:17:01.0753 7960 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2011/02/24 08:17:02.0003 7960 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2011/02/24 08:17:02.0128 7960 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/02/24 08:17:02.0299 7960 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/02/24 08:17:02.0424 7960 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/02/24 08:17:02.0549 7960 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/02/24 08:17:02.0689 7960 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\drivers\termdd.sys

2011/02/24 08:17:03.0048 7960 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/02/24 08:17:03.0204 7960 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/02/24 08:17:03.0360 7960 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys

2011/02/24 08:17:03.0563 7960 udfs (6557d75e8b7d6a06cdc21cd39dbf255c) C:\Windows\system32\DRIVERS\udfs.sys

2011/02/24 08:17:03.0781 7960 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/02/24 08:17:03.0922 7960 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/02/24 08:17:04.0078 7960 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys

2011/02/24 08:17:04.0296 7960 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/02/24 08:17:04.0421 7960 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/02/24 08:17:04.0593 7960 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\drivers\usbehci.sys

2011/02/24 08:17:04.0749 7960 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2011/02/24 08:17:04.0905 7960 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys

2011/02/24 08:17:05.0076 7960 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/02/24 08:17:05.0217 7960 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/02/24 08:17:05.0341 7960 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/02/24 08:17:05.0482 7960 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys

2011/02/24 08:17:05.0607 7960 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

2011/02/24 08:17:06.0012 7960 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/02/24 08:17:06.0168 7960 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/02/24 08:17:06.0309 7960 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/02/24 08:17:06.0449 7960 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\drivers\vhdmp.sys

2011/02/24 08:17:06.0574 7960 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/02/24 08:17:06.0714 7960 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys

2011/02/24 08:17:07.0713 7960 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/02/24 08:17:07.0837 7960 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\drivers\volmgr.sys

2011/02/24 08:17:08.0103 7960 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/02/24 08:17:08.0243 7960 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\drivers\volsnap.sys

2011/02/24 08:17:08.0415 7960 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys

2011/02/24 08:17:08.0602 7960 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/02/24 08:17:08.0727 7960 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/02/24 08:17:08.0914 7960 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys

2011/02/24 08:17:09.0039 7960 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/02/24 08:17:09.0132 7960 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/02/24 08:17:09.0351 7960 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys

2011/02/24 08:17:09.0507 7960 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/02/24 08:17:09.0803 7960 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/02/24 08:17:09.0943 7960 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/02/24 08:17:10.0255 7960 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/02/24 08:17:10.0443 7960 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/02/24 08:17:10.0692 7960 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/02/24 08:17:10.0926 7960 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/02/24 08:17:11.0051 7960 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/02/24 08:17:11.0316 7960 yukonw7 (4e8630d1a7e15d7f9a2bc25993ae7234) C:\Windows\system32\DRIVERS\yk62x86.sys

2011/02/24 08:17:11.0550 7960 ================================================================================

2011/02/24 08:17:11.0550 7960 Scan finished

2011/02/24 08:17:11.0550 7960 ================================================================================

AND

DDS (Ver_10-12-12.02) - NTFSx86

Run by Rivka at 8:18:54.23 on Thu 02/24/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.246 [GMT -7:00]

AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\Windows\System32\svchost.exe -k HPZ12

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Program Files\Sony\VAIO Care\VCSpt.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\vncutil.exe

C:\Program Files\AlpsPoint\ApMain.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\AlpsPoint\ApMsgFwd.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Upromise\dca-ua.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Upromise\UpromiseTray.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\vds.exe

C:\Program Files\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe

C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\DDNI\Oasis\VAIO Messenger.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Rivka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOJ3HA9Z\dds[1].scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://sony.msn.com

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [upromise Update] c:\program files\upromise\dca-ua.exe

uRun: [upromise Tray] c:\program files\upromise\UpromiseTray.exe

uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [vncutil] c:\program files\realtek\audio\hda\vncutil.exe

mRun: [ApMain] %ProgramFiles%\AlpsPoint\ApMain.exe

mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [igfxExt] c:\windows\system32\IgfxExt.exe /RegServer

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rivka\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL acaptuser32.dll

============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2010-4-6 23712]

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-12-23 122360]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]

R2 Oasis2Service;Oasis2Service;c:\program files\ddni\oasis2service 1.0\Oasis2Service.exe [2010-6-24 46080]

R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2010-8-6 133664]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2010-8-6 104960]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2010-3-18 852336]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-2-19 529776]

R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-2-19 386416]

R3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-2-25 68144]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-8-6 17408]

R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2011-1-12 648832]

R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\microsoft sql server\mssql10.ddni\mssql\binn\sqlservr.exe [2009-3-30 43010392]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-4-6 9344]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2010-2-8 222064]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-4-6 14720]

R3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-8-6 513392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-2-8 43944]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-6 29472]

S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-8-6 122880]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-8-6 108400]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-8-6 422768]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-8-6 67952]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-2-19 91504]

S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-12-23 746864]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-23 1343400]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-4-6 316416]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-12-23 22536]

S4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\microsoft sql server\mssql10.ddni\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2011-02-23 15:42:51 -------- d-----w- c:\users\rivka\appdata\roaming\Log

2011-02-23 15:42:51 -------- d-----w- c:\users\rivka\appdata\roaming\Config

2011-02-23 01:50:28 -------- d-----w- c:\users\rivka\appdata\roaming\Malwarebytes

2011-02-23 01:50:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:50:02 -------- d-----w- c:\progra~2\Malwarebytes

2011-02-23 01:49:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-23 01:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-23 01:31:16 -------- d-----w- c:\users\rivka\appdata\roaming\Sammsoft

2011-02-23 01:30:35 -------- d-----w- c:\program files\ARO 2011

2011-02-22 20:10:43 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2011-02-22 20:08:28 -------- d-----w- c:\users\rivka\appdata\local\Sophos

2011-02-22 20:07:53 112056 ----a-w- c:\windows\system32\acaptuser32.dll

2011-02-22 20:01:16 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b8e57123-ce1d-442e-920e-0a294ae3ed65}\mpengine.dll

2011-02-22 19:44:29 -------- d-----w- C:\A9R8787.tmp

2011-02-22 19:22:13 -------- d-----w- c:\progra~2\fEhPmMp08200

2011-02-17 20:58:27 -------- d-----w- c:\users\rivka\appdata\local\ElevatedDiagnostics

2011-02-15 16:33:49 256 ----a-w- c:\windows\system32\pool.bin

2011-02-15 16:13:58 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys

2011-02-15 16:12:18 -------- d-----w- c:\program files\Research In Motion

2011-02-03 20:47:18 -------- d-----w- c:\users\rivka\appdata\roaming\Auslogics

2011-02-01 16:57:10 -------- d-----w- c:\users\rivka\appdata\roaming\upromise

2011-02-01 16:57:10 -------- d-----w- c:\program files\Upromise

==================== Find3M ====================

2011-02-13 21:19:38 2516 --sha-w- c:\progra~2\KGyGaAvL.sys

2011-02-01 15:28:28 88 --sh--r- c:\progra~2\46BD3B2112.sys

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

2010-12-23 16:29:16 72748 ----a-w- c:\windows\unins000.exe

2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll

2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll

2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll

2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec

2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

============= FINISH: 8:20:34.86 ===============


Now a big question: Since Sophos didn't react in time to prevent this infection, and since Malwarebytes didn't detect it, how am I supposed to protect myself from these things in the future? I really don't do anything creative with my computer, everything (Windows, etc.) is constantly updated, and I got this virus from what is supposed to be a trusted real estate website. Is there an antivirus software out there that could have prevented this?

I'll send you some suggestions when we finish our work.

Now:

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please post these log(s):

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only


There you go, as instructed, thank you.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5871

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2/24/2011 12:10:23 PM

mbam-log-2011-02-24 (12-10-23).txt

Scan type: Quick scan

Objects scanned: 150467

Time elapsed: 12 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

AND

DDS (Ver_10-12-12.02) - NTFSx86

Run by Rivka at 12:13:20.11 on Thu 02/24/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.364 [GMT -7:00]

AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\DDNi\Oasis2Service 1.0\Oasis2Service.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Program Files\Sony\VAIO Care\VCSpt.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\vncutil.exe

C:\Program Files\AlpsPoint\ApMain.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\AlpsPoint\ApMsgFwd.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Upromise\dca-ua.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Upromise\UpromiseTray.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\vds.exe

C:\Program Files\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe

C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\DDNI\Oasis\VAIO Messenger.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe

C:\Program Files\Sony\VAIO Event Service\VESGfxMgr.exe

C:\Windows\system32\IgfxExt.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Rivka\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://sony.msn.com

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [upromise Update] c:\program files\upromise\dca-ua.exe

uRun: [upromise Tray] c:\program files\upromise\UpromiseTray.exe

uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [vncutil] c:\program files\realtek\audio\hda\vncutil.exe

mRun: [ApMain] %ProgramFiles%\AlpsPoint\ApMain.exe

mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [igfxExt] c:\windows\system32\IgfxExt.exe /RegServer

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rivka\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL acaptuser32.dll

============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2010-4-6 23712]

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-12-23 122360]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]

R2 Oasis2Service;Oasis2Service;c:\program files\ddni\oasis2service 1.0\Oasis2Service.exe [2010-6-24 46080]

R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2010-8-6 133664]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2010-8-6 104960]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2010-3-18 852336]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-2-19 529776]

R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-2-19 386416]

R3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-2-25 68144]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-8-6 17408]

R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2011-1-12 648832]

R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\microsoft sql server\mssql10.ddni\mssql\binn\sqlservr.exe [2009-3-30 43010392]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-4-6 9344]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2010-2-8 222064]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-4-6 14720]

R3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-8-6 513392]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-4-6 316416]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-2-8 43944]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-6 29472]

S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-8-6 122880]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-8-6 108400]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-8-6 422768]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-8-6 67952]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-2-19 91504]

S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-12-23 746864]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-23 1343400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-12-23 22536]

S4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\microsoft sql server\mssql10.ddni\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2011-02-24 18:57:51 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8a3992d1-1dc2-4041-b9ae-2023bedbe8c4}\mpengine.dll

2011-02-23 15:42:51 -------- d-----w- c:\users\rivka\appdata\roaming\Log

2011-02-23 15:42:51 -------- d-----w- c:\users\rivka\appdata\roaming\Config

2011-02-23 01:50:28 -------- d-----w- c:\users\rivka\appdata\roaming\Malwarebytes

2011-02-23 01:50:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:50:02 -------- d-----w- c:\progra~2\Malwarebytes

2011-02-23 01:49:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-23 01:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-23 01:31:16 -------- d-----w- c:\users\rivka\appdata\roaming\Sammsoft

2011-02-23 01:30:35 -------- d-----w- c:\program files\ARO 2011

2011-02-22 20:10:43 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2011-02-22 20:08:28 -------- d-----w- c:\users\rivka\appdata\local\Sophos

2011-02-22 20:07:53 112056 ----a-w- c:\windows\system32\acaptuser32.dll

2011-02-22 19:44:29 -------- d-----w- C:\A9R8787.tmp

2011-02-22 19:22:13 -------- d-----w- c:\progra~2\fEhPmMp08200

2011-02-17 20:58:27 -------- d-----w- c:\users\rivka\appdata\local\ElevatedDiagnostics

2011-02-15 16:33:49 256 ----a-w- c:\windows\system32\pool.bin

2011-02-15 16:13:58 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys

2011-02-15 16:12:18 -------- d-----w- c:\program files\Research In Motion

2011-02-03 20:47:18 -------- d-----w- c:\users\rivka\appdata\roaming\Auslogics

2011-02-01 16:57:10 -------- d-----w- c:\users\rivka\appdata\roaming\upromise

2011-02-01 16:57:10 -------- d-----w- c:\program files\Upromise

==================== Find3M ====================

2011-02-13 21:19:38 2516 --sha-w- c:\progra~2\KGyGaAvL.sys

2011-02-01 15:28:28 88 --sh--r- c:\progra~2\46BD3B2112.sys

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

2010-12-23 16:29:16 72748 ----a-w- c:\windows\unins000.exe

2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll

2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll

2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll

2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec

2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

============= FINISH: 12:15:12.91 ===============

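As an added example (not part of this thread, and not code from DDS, Malwarebytes or Sophos), here is a small Python triage script for the "Created Last 30" and "Find3M" sections of a DDS log like the two posted above. The sample lines are constructed from entries in the logs above, with the rest of the log omitted. The four heuristics it applies (hidden+system attributes, a generated-looking name, a kernel driver created inside the window, an item dropped in the drive root) are my own assumptions about what a helper looks at first; they rank entries for manual review and say nothing about whether a file is malicious. The ComboFix "Files Created" format is different and is not parsed here.

```python
"""Triage the 'Created Last 30' and 'Find3M' file sections of a DDS log.

Helper written for this example; it is not part of DDS or the thread.
The heuristics only rank entries for manual review.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines in the shape of the DDS output posted in the
# thread (paths and attribute strings copied from it, the rest of the log omitted).
SAMPLE_DDS = r"""
=============== Created Last 30 ================
2011-02-23 01:50:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-22 19:44:29 -------- d-----w- C:\A9R8787.tmp
2011-02-22 19:22:13 -------- d-----w- c:\progra~2\fEhPmMp08200
2011-02-15 16:33:49 256 ----a-w- c:\windows\system32\pool.bin
==================== Find3M ====================
2011-02-13 21:19:38 2516 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-02-01 15:28:28 88 --sh--r- c:\progra~2\46BD3B2112.sys
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 8:20:34.86 ===============
"""

FILE_SECTIONS = ("Created Last 30", "Find3M")
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# date time size-or-dashes attrs path   (size is printed as dashes for directories)
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$",
    re.IGNORECASE,
)


@dataclass
class Entry:
    section: str
    date: str
    size: Optional[int]   # None where DDS prints dashes (directories)
    attrs: str            # DDS attribute string, e.g. '--sha-w-' (s=system, h=hidden, d=directory)
    path: str
    flags: List[str] = field(default_factory=list)


def parse_dds_files(text: str) -> List[Entry]:
    """Return the entries under the two file-listing sections, in log order."""
    section = None
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:                      # any banner line switches section (FINISH ends parsing)
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section in FILE_SECTIONS:
            size = None if m.group("size").startswith("-") else int(m.group("size"))
            entries.append(Entry(section, m.group("date"), size,
                                 m.group("attrs").lower(), m.group("path")))
    return entries


def _class(ch: str) -> str:
    if ch.isdigit():
        return "digit"
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    return "other"


def class_transitions(name: str) -> int:
    """Count switches between digit/upper/lower runs; generated names switch often."""
    classes = [_class(c) for c in name]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b)


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags to entries and return only the flagged ones."""
    flagged = []
    for e in entries:
        name = e.path.replace("/", "\\").rsplit("\\", 1)[-1]
        stem = name.rsplit(".", 1)[0]
        lower = e.path.lower()
        flags = []
        # Hidden+system under ProgramData/AppData is a classic place to hide state;
        # some licensing tools use it too, so verify the owner rather than delete.
        if "s" in e.attrs and "h" in e.attrs:
            flags.append("hidden+system attributes")
        # Generated-looking name: digits present plus frequent case/digit switches.
        # The digit requirement keeps CamelCase product names out; GUID folders are skipped.
        if not stem.startswith("{") and any(c.isdigit() for c in stem) \
                and class_transitions(stem) >= 4:
            flags.append("random-looking name")
        # A kernel driver that appeared inside the 30-day window: confirm which product owns it.
        if e.section == "Created Last 30" and lower.endswith(".sys") and "\\drivers\\" in lower:
            flags.append("new kernel driver")
        # Items dropped straight into the drive root are unusual for installed software.
        if re.match(r"^[a-z]:\\[^\\]+$", lower):
            flags.append("item at drive root")
        if flags:
            e.flags = flags
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_dds_files(SAMPLE_DDS)):
        print(f"{e.section:16} {e.date} {e.attrs} {e.path}  <- {', '.join(e.flags)}")
```

Run it against a full DDS.txt by reading the file into `parse_dds_files`; on the sample it flags five of the seven lines, including the hidden system files in ProgramData and the random-named folder, and leaves pool.bin and win32k.sys alone. Every flag is a reason to look, not a verdict: mbamswissarmy.sys is flagged as a new driver simply because it was installed the day before.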

Thanks!

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix.
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    ----------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Hi there, Combo-Fix has been running fine (I followed all instructions). It did find an infected file, but now it has been stuck at "rebooting windows...please wait" for what seems like 20 min... What do I do?? I did not double-click in the window..

I am writing this from a different computer.

thanks,


OK, so after an hour, I just turned my computer off and on, and Combofix picked up where it left off. The log is below. Thank you.

ComboFix 11-02-24.01 - Rivka 02/24/2011 14:03:46.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.652 [GMT -7:00]

Running from: c:\users\Rivka\Desktop\Combo-Fix.exe

AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\users\Rivka\AppData\Local\ie_runner_app.exe

c:\users\Rivka\AppData\Roaming\Config

c:\windows\system32\bin

c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll

c:\windows\system32\userinit.exe . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))

.

2011-02-24 21:19 . 2011-02-24 22:24 -------- d-----w- c:\users\Rivka\AppData\Local\temp

2011-02-24 21:19 . 2011-02-24 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-24 18:57 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A3992D1-1DC2-4041-B9AE-2023BEDBE8C4}\mpengine.dll

2011-02-23 15:42 . 2011-02-23 15:42 -------- d-----w- c:\users\Rivka\AppData\Roaming\Log

2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\users\Rivka\AppData\Roaming\Malwarebytes

2011-02-23 01:50 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\programdata\Malwarebytes

2011-02-23 01:49 . 2011-02-23 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-23 01:49 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-23 01:31 . 2011-02-23 01:31 -------- d-----w- c:\users\Rivka\AppData\Roaming\Sammsoft

2011-02-23 01:30 . 2011-02-23 14:00 -------- d-----w- c:\program files\ARO 2011

2011-02-22 20:10 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2011-02-22 20:08 . 2011-02-22 20:08 -------- d-----w- c:\users\Rivka\AppData\Local\Sophos

2011-02-22 20:07 . 2010-09-23 01:47 112056 ----a-w- c:\windows\system32\acaptuser32.dll

2011-02-22 19:44 . 2011-02-22 19:44 -------- d-----w- C:\A9R8787.tmp

2011-02-22 19:22 . 2011-02-22 19:57 -------- d-----w- c:\programdata\fEhPmMp08200

2011-02-17 20:58 . 2011-02-17 20:58 -------- d-----w- c:\users\Rivka\AppData\Local\ElevatedDiagnostics

2011-02-15 16:33 . 2011-02-15 16:33 256 ----a-w- c:\windows\system32\pool.bin

2011-02-15 16:13 . 2009-01-09 23:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys

2011-02-15 16:12 . 2011-02-15 22:32 -------- d-----w- c:\program files\Research In Motion

2011-02-10 03:16 . 2011-02-16 20:32 -------- d-----w- c:\program files\Microsoft Silverlight

2011-02-03 20:47 . 2011-02-03 21:06 -------- d-----w- c:\users\Rivka\AppData\Roaming\Auslogics

2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\users\Rivka\AppData\Roaming\upromise

2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\program files\Upromise

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-13 21:19 . 2010-12-24 16:12 2516 --sha-w- c:\programdata\KGyGaAvL.sys

2011-02-01 15:28 . 2010-12-24 16:12 88 --sh--r- c:\programdata\46BD3B2112.sys

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTRK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTHA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrNLD.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrITA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrHUN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrFRA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrRUS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTG.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPLK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrSVE.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrNOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrFIN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 204800 ----a-w- c:\windows\system32\igfxrTRK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 196608 ----a-w- c:\windows\system32\igfxrTHA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 188416 ----a-w- c:\windows\system32\igfxrHEB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrKOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrJPN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressSVE.lrc

2011-01-12 19:54 . 2010-03-05 02:04 502296 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-01-12 19:54 . 2010-03-05 02:04 45056 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-01-12 19:54 . 2010-03-05 02:04 137752 ----a-w- c:\windows\system32\igfxtray.exe

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTG.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPLK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressHUN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressESP.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressHEB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressFRA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressJPN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressITA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressKOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressDEU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressRUS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNLD.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressDAN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressCSY.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressFIN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressENU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressELL.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHT.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressARA.lrc

2011-01-12 19:54 . 2010-03-05 02:04 3334144 ----a-w- c:\windows\system32\igfxress.dll

2011-01-12 19:54 . 2011-01-12 19:54 895512 ----a-w- c:\windows\system32\igfxcfg.exe

2011-01-12 19:54 . 2011-01-12 19:54 648832 ----a-w- c:\windows\system32\drivers\igdkmd32.sys

2011-01-12 19:54 . 2011-01-12 19:54 327680 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-01-12 19:54 . 2011-01-12 19:54 307200 ----a-w- c:\windows\system32\igfxdo.dll

2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxres.dll

2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxrENU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrELL.lrc

2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrDEU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrESP.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrDAN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrCSY.lrc

2011-01-12 19:54 . 2011-01-12 19:54 200704 ----a-w- c:\windows\system32\igfxpph.dll

2011-01-12 19:54 . 2011-01-12 19:54 192512 ----a-w- c:\windows\system32\igfxrARA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHT.lrc

2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHS.lrc

2011-01-12 19:54 . 2010-08-06 12:45 977432 ----a-w- c:\windows\system32\lpgun.exe

2011-01-12 19:54 . 2010-03-05 02:04 350744 ----a-w- c:\windows\system32\hkcmd.exe

2011-01-12 19:54 . 2010-03-05 02:04 258048 ----a-w- c:\windows\system32\hccutils.dll

2011-01-12 19:54 . 2010-03-05 02:04 23040 ----a-w- c:\windows\system32\IgfxExtps.dll

2011-01-12 19:54 . 2010-03-05 02:04 174616 ----a-w- c:\windows\system32\IgfxExt.exe

2011-01-12 19:54 . 2010-03-05 02:04 1418752 ----a-w- c:\windows\system32\igdumd32.dll

2010-12-23 16:29 . 2002-02-10 08:00 72748 ----a-w- c:\windows\unins000.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2010-12-02 175800]

"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2010-12-14 241360]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-07-28 526992]

"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-01 8505888]

"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil.exe" [2010-03-01 358944]

"SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-12 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-12 350744]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\users\Rivka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]

Dropbox.lnk - c:\users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]

VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-22 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-22 29472]

R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-12-23 122880]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-02-20 91504]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 746864]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1343400]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-02-09 22536]

R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 23712]

S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 Oasis2Service;Oasis2Service;c:\program files\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-25 46080]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2010-03-01 133664]

S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]

S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]

S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]

S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]

S3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-02-15 68144]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]

S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-01-12 648832]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-01-21 9344]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 222064]

S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-01-22 14720]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 513392]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-01-20 316416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

Akamai REG_MULTI_SZ Akamai

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2011-02-23 c:\windows\Tasks\ARO 2011.job

- c:\program files\ARO 2011\ARO.exe [2011-02-23 16:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-ApMain - %ProgramFiles%\AlpsPoint\ApMain.exe

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(252)

c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Sony\VAIO Care\VCSpt.exe

c:\program files\Sony\VAIO Power Management\SPMgr.exe

c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\windows\system32\DllHost.exe

c:\program files\Sony\VAIO Event Service\VESMgrSub.exe

c:\windows\system32\conhost.exe

c:\program files\Sony\VAIO Care\VCsystray.exe

c:\windows\System32\vds.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-02-24 15:29:03 - machine was rebooted

ComboFix-quarantined-files.txt 2011-02-24 22:29

Pre-Run: 72,682,721,280 bytes free

Post-Run: 73,038,438,400 bytes free

- - End Of File - - 8DF74A9A507221C0C1F1D211A5FFAFE9

AND

DDS (Ver_10-12-12.02) - NTFSx86

Run by Rivka at 15:43:38.97 on Thu 02/24/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.727 [GMT -7:00]

AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\Windows\System32\svchost.exe -k HPZ12

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Explorer.EXE

C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\VAIO Care\VCSpt.exe

C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Realtek\Audio\HDA\vncutil.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Upromise\dca-ua.exe

C:\Program Files\Upromise\UpromiseTray.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\DDNi\Oasis\Delay.exe

C:\Users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\DDNi\Oasis\Delay.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\vds.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe

C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\servicing\TrustedInstaller.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Rivka\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [upromise Update] c:\program files\upromise\dca-ua.exe

uRun: [upromise Tray] c:\program files\upromise\UpromiseTray.exe

uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [vncutil] c:\program files\realtek\audio\hda\vncutil.exe

mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rivka\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\users\rivka\appdata\roaming\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vaiome~1.lnk - c:\program files\ddni\oasis\Delay.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

AppInit_DLLs: c:\progra~1\sophos\sophos~1\sophos_detoured.dll c:\windows\system32\acaptuser32.dll

============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2010-4-6 23712]

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-12-23 122360]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]

R2 Oasis2Service;Oasis2Service;c:\program files\ddni\oasis2service 1.0\Oasis2Service.exe [2010-6-24 46080]

R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2010-8-6 133664]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2010-8-6 104960]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2010-3-18 852336]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-2-19 529776]

R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-2-19 386416]

R3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-2-25 68144]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-8-6 17408]

R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2011-1-12 648832]

R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\microsoft sql server\mssql10.ddni\mssql\binn\sqlservr.exe [2009-3-30 43010392]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-4-6 9344]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2010-2-8 222064]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-4-6 14720]

R3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-8-6 513392]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-4-6 316416]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-2-8 43944]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-6 29472]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-8-6 122880]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-8-6 108400]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-8-6 422768]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-8-6 67952]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-2-19 91504]

S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-12-23 746864]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-23 1343400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-12-23 22536]

S4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\microsoft sql server\mssql10.ddni\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2011-02-24 22:34:09 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-24 22:27:57 -------- d-sh--w- C:\$RECYCLE.BIN

2011-02-24 21:19:46 -------- d-----w- c:\users\rivka\appdata\local\temp

2011-02-24 21:00:09 89088 ----a-w- c:\windows\MBR.exe

2011-02-24 21:00:04 256512 ----a-w- c:\windows\PEV.exe

2011-02-24 21:00:03 161792 ----a-w- c:\windows\SWREG.exe

2011-02-24 21:00:01 98816 ----a-w- c:\windows\sed.exe

2011-02-24 18:59:47 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-24 18:59:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 18:57:51 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8a3992d1-1dc2-4041-b9ae-2023bedbe8c4}\mpengine.dll

2011-02-23 15:42:51 -------- d-----w- c:\users\rivka\appdata\roaming\Log

2011-02-23 01:50:28 -------- d-----w- c:\users\rivka\appdata\roaming\Malwarebytes

2011-02-23 01:50:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:50:02 -------- d-----w- c:\progra~2\Malwarebytes

2011-02-23 01:49:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-23 01:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-23 01:31:16 -------- d-----w- c:\users\rivka\appdata\roaming\Sammsoft

2011-02-23 01:30:35 -------- d-----w- c:\program files\ARO 2011

2011-02-22 20:10:43 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2011-02-22 20:08:28 -------- d-----w- c:\users\rivka\appdata\local\Sophos

2011-02-22 20:07:53 112056 ----a-w- c:\windows\system32\acaptuser32.dll

2011-02-22 19:22:13 -------- d-----w- c:\progra~2\fEhPmMp08200

2011-02-17 20:58:27 -------- d-----w- c:\users\rivka\appdata\local\ElevatedDiagnostics

2011-02-15 16:33:49 256 ----a-w- c:\windows\system32\pool.bin

2011-02-15 16:13:58 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys

2011-02-15 16:12:18 -------- d-----w- c:\program files\Research In Motion

2011-02-03 20:47:18 -------- d-----w- c:\users\rivka\appdata\roaming\Auslogics

2011-02-01 16:57:10 -------- d-----w- c:\users\rivka\appdata\roaming\upromise

2011-02-01 16:57:10 -------- d-----w- c:\program files\Upromise

==================== Find3M ====================

2011-02-13 21:19:38 2516 --sha-w- c:\progra~2\KGyGaAvL.sys

2011-02-01 15:28:28 88 --sh--r- c:\progra~2\46BD3B2112.sys

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

2010-12-23 16:29:16 72748 ----a-w- c:\windows\unins000.exe

2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll

2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll

2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll

2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec

2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

============= FINISH: 15:45:15.89 ===============


There you go, and thanks again!!

File name: userinit.exe

Submission date: 2011-02-25 18:12:01 (UTC)

Current status: finished

Result: 0/ 43 (0.0%)

AhnLab-V3 2011.02.25.00 2011.02.24 -

AntiVir 7.11.3.240 2011.02.25 -

Antiy-AVL 2.0.3.7 2011.02.25 -

Avast 4.8.1351.0 2011.02.23 -

Avast5 5.0.677.0 2011.02.23 -

AVG 10.0.0.1190 2011.02.25 -

BitDefender 7.2 2011.02.25 -

CAT-QuickHeal 11.00 2011.02.25 -

ClamAV 0.96.4.0 2011.02.25 -

Commtouch 5.2.11.5 2011.02.25 -

Comodo 7809 2011.02.25 -

DrWeb 5.0.2.03300 2011.02.25 -

Emsisoft 5.1.0.2 2011.02.25 -

eSafe 7.0.17.0 2011.02.24 -

eTrust-Vet 36.1.8183 2011.02.25 -

F-Prot 4.6.2.117 2011.02.24 -

F-Secure 9.0.16160.0 2011.02.25 -

Fortinet 4.2.254.0 2011.02.25 -

GData 21 2011.02.25 -

Ikarus T3.1.1.97.0 2011.02.25 -

Jiangmin 13.0.900 2011.02.25 -

K7AntiVirus 9.90.3967 2011.02.25 -

Kaspersky 7.0.0.125 2011.02.25 -

McAfee 5.400.0.1158 2011.02.25 -

McAfee-GW-Edition 2010.1C 2011.02.25 -

Microsoft 1.6603 2011.02.25 -

NOD32 5908 2011.02.25 -

Norman 6.07.03 2011.02.25 -

nProtect 2011-02-10.01 2011.02.15 -

Panda 10.0.3.5 2011.02.25 -

PCTools 7.0.3.5 2011.02.25 -

Prevx 3.0 2011.02.25 -

Rising 23.46.04.05 2011.02.25 -

Sophos 4.61.0 2011.02.25 -

SUPERAntiSpyware 4.40.0.1006 2011.02.25 -

Symantec 20101.3.0.103 2011.02.25 -

TheHacker 6.7.0.1.139 2011.02.25 -

TrendMicro 9.200.0.1012 2011.02.25 -

TrendMicro-HouseCall 9.200.0.1012 2011.02.25 -

VBA32 3.12.14.3 2011.02.25 -

VIPRE 8534 2011.02.25 -

ViRobot 2011.2.25.4329 2011.02.25 -

VirusBuster 13.6.220.0 2011.02.25 -

Additional information

MD5 : 6de80f60d7de9ce6b8c2ddfdf79ef175

SHA1 : 8d439a6186ff526403989ac217dfe8e3a2d8bc2c

SHA256: 7784a6cada74e314e7d79573ad9e490f4a36e0deb86c07732a75856a7e8f1e3a

ssdeep: 384:Oj+CsDNjesrHdlvJhRLYZpgKeGf5F/hyWeR22PXG/7LKpuZeRsJCKWuVymWB:OxstZlRhNYZpgpuFeR22vo7L3O1

File size : 26112 bytes

First seen: 2009-08-11 16:56:55

Last seen : 2011-02-25 18:12:01

TrID:

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft® Windows® Operating System

description..: Userinit Logon Application

original name: USERINIT.EXE

internal name: userinit

file version.: 6.1.7600.16385 (win7_rtm.090713-1255)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x2B4E

timedatestamp....: 0x4A5BC47B (Mon Jul 13 23:34:19 2009)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x4CC9, 0x4E00, 6.08, 42103130bcecb40c949779c1a865ac9a

.data, 0x6000, 0x4E8, 0x600, 0.87, 33d7907333f0fbf9350ce65ced1af048

.rsrc, 0x7000, 0x778, 0x800, 4.05, cb2b29ba8fea6ee6f3666d8bf554071f

.reloc, 0x8000, 0x410, 0x600, 5.22, ae619042157784c4e0538bf811d6d473

[[ 7 import(s) ]]

ntdll.dll: DbgPrint, RtlInitUnicodeString, NtOpenKey, NtClose

API_MS_Win_Core_LocalRegistry_L1_1_0.dll: RegCreateKeyExW, RegDeleteTreeW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegQueryInfoKeyW

API_MS_Win_Core_ProcessThreads_L1_1_0.dll: SetThreadPriority, GetCurrentThread, CreateThread, GetCurrentProcess, CreateProcessW, OpenProcessToken

USER32.dll: CharNextW, GetKeyboardLayout, GetSystemMetrics, ExitWindowsEx, MessageBoxW, LoadStringW, LoadRemoteFonts, DefWindowProcW, RegisterClassExW, DestroyWindow, CreateWindowExW, SystemParametersInfoW

USERENV.dll: -

msvcrt.dll: _ismbblead, _XcptFilter, _exit, _cexit, exit, _wcsicmp, memset, memmove, _vsnwprintf, _initterm, _acmdln, _amsg_exit, __setusermatherr, __p__fmode, __set_app_type, _terminate@@YAXXZ, _except_handler4_common, _controlfp, __getmainargs, __p__commode

KERNEL32.dll: GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedExchange, LoadLibraryA, RegOpenKeyExA, RegQueryValueExA, ExpandEnvironmentStringsA, LoadLibraryExA, InterlockedCompareExchange, DelayLoadFailureHook, HeapSetInformation, SetCurrentDirectoryW, FormatMessageW, GetFileAttributesExW, GetSystemDirectoryW, SetLastError, ExpandEnvironmentStringsW, GetUserDefaultLangID, SetEvent, OpenEventW, Sleep, WaitForSingleObject, CloseHandle, GetLastError, SetEnvironmentVariableW, SearchPathW, GetCurrentThreadId, CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, GetEnvironmentVariableW, LocalAlloc, LocalFree, GetVersionExW, lstrlenW

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 19968

CompanyName: Microsoft Corporation

EntryPoint: 0x2b4e

FileDescription: Userinit Logon Application

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 26 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)

FileVersionNumber: 6.1.7600.16385

ImageVersion: 6.1

InitializedDataSize: 5120

InternalName: userinit

LanguageCode: English (U.S.)

LegalCopyright: Microsoft Corporation. All rights reserved.

LinkerVersion: 9.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 6.1

ObjectFileType: Executable application

OriginalFilename: USERINIT.EXE

PEType: PE32

ProductName: Microsoft Windows Operating System

ProductVersion: 6.1.7600.16385

ProductVersionNumber: 6.1.7600.16385

Subsystem: Windows GUI

SubsystemVersion: 6.1

TimeStamp: 2009:07:14 01:34:19+02:00

UninitializedDataSize: 0

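Added note and example (mine, not from anyone in this thread, and not VirusTotal's, DDS's or ComboFix's code). The report above shows 0/43 detections and the version resource of a genuine Windows 7 RTM userinit.exe, yet ComboFix later in the thread reports the on-disk userinit.exe as infected and restores it from its ERDNT cache. Two details are worth more than the detection count. The "verified: Unsigned" line proves nothing by itself: Windows system binaries such as userinit.exe normally carry no embedded Authenticode signature (they are signed through security catalogs), so a check that only looks inside the file reports them as unsigned either way. The PEInfo section table is the useful part: per-section MD5 and entropy let you compare a suspect copy with a known-good one (the ERDNT cache copy, or the same build from a clean install) and see exactly which section was altered; a patched entry point or hijacked code path shows up as a changed .text hash while .data and .rsrc stay identical. The Python below reproduces that table and the comparison. The two-section PE it builds is a constructed sample for the demonstration, not a real userinit.exe, and the 5-byte jump it plants is only there to show what a changed section looks like.

```python
"""Per-section fingerprint of a PE image and a diff against a known-good copy.

Example code added to this thread, not from VirusTotal, ComboFix or DDS.
It reproduces the PEInfo columns in the VirusTotal report (name, virtual
address, virtual size, raw size, entropy, MD5) so a suspect system binary
can be compared with a reference copy section by section.
"""
import hashlib
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_summary(image: bytes) -> dict:
    """Parse the DOS, COFF and optional headers plus the section table of a PE32/PE32+ image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    # AddressOfEntryPoint sits at offset 16 of the optional header in both PE32 and PE32+.
    entry = struct.unpack_from("<I", image, opt + 16)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {"machine": machine, "timestamp": timestamp, "entrypoint": entry, "sections": sections}


def changed_sections(reference: dict, suspect: dict) -> list:
    """Names of sections whose raw bytes differ from the reference copy (or that are new)."""
    ref = {s["name"]: s["md5"] for s in reference["sections"]}
    return [s["name"] for s in suspect["sections"] if ref.get(s["name"]) != s["md5"]]


def build_sample_pe(text: bytes, data: bytes, timestamp: int = 0x4A5BC47B) -> bytes:
    """Constructed two-section PE32 image for the demo; it is not a real executable."""
    align = 0x200
    pad = lambda b: b + b"\0" * (-len(b) % align)
    text_raw, data_raw = pad(text), pad(data)
    text_ptr = align                       # headers occupy the first file-alignment unit
    data_ptr = text_ptr + len(text_raw)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, timestamp, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIII", 0x10B, 9, 0, len(text_raw), len(data_raw), 0,
                      0x1010, 0x1000, 0x2000, 0x400000)            # entry RVA 0x1010
    opt += b"\0" * (224 - len(opt))
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text_raw), text_ptr, 0, 0, 0, 0, 0x60000020)
    sect += struct.pack("<8sIIIIIIHHI", b".data", len(data), 0x2000, len(data_raw), data_ptr, 0, 0, 0, 0, 0xC0000040)
    headers = pad(dos + b"PE\0\0" + coff + opt + sect)
    return headers + text_raw + data_raw


def sample_images() -> tuple:
    """Reference image plus a copy with a 5-byte jmp planted at the entry point (constructed)."""
    reference = build_sample_pe(bytes(range(256)) * 2, b"\0" * 0x100 + b"A" * 0x80)
    suspect = bytearray(reference)
    suspect[0x210:0x215] = b"\xE9\x00\x10\x00\x00"   # file offset of entry RVA 0x1010
    return reference, bytes(suspect)


def demo() -> list:
    """Which sections of the tampered sample differ from the reference: expected ['.text']."""
    reference, suspect = sample_images()
    return changed_sections(pe_summary(reference), pe_summary(suspect))


if __name__ == "__main__":
    info = pe_summary(sample_images()[0])
    print(f"entrypointaddress: {info['entrypoint']:#x}  timedatestamp: {info['timestamp']:#x}")
    print("name, viradd, virsiz, rawdsiz, ntropy, md5")
    for s in info["sections"]:
        print(f"{s['name']}, {s['virtual_address']:#x}, {s['virtual_size']:#x}, "
              f"{s['raw_size']:#x}, {s['entropy']:.2f}, {s['md5']}")
    print("changed sections after the entry-point patch:", demo())
```

Run as a script it prints the table in VirusTotal's column order, then the list of sections the planted jump changed. To use it on a real machine, read the suspect file and the reference copy with open(path, "rb").read() and pass both summaries to changed_sections: a differing .text hash under unchanged version information is the pattern a file-patching infection leaves, while identical hashes in every section say the file on disk is the same build as the reference.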

Thanks! ;)

Open Notepad and copy and paste the text in the code box below into it:

Folder::
C:\programdata\fEhPmMp08200

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


There you go:

ComboFix 11-02-24.05 - Rivka 02/25/2011 12:07:49.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.741 [GMT -7:00]

Running from: c:\users\Rivka\Desktop\Combo-Fix.exe

Command switches used :: c:\users\Rivka\Desktop\CFScript.txt.txt

AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.

((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))

.

2011-02-25 19:23 . 2011-02-25 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-25 13:29 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50438D47-114E-4C5E-98AA-8D7663ADF1E3}\mpengine.dll

2011-02-24 22:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-24 21:19 . 2011-02-25 19:30 -------- d-----w- c:\users\Rivka\AppData\Local\temp

2011-02-24 18:59 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-24 18:59 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-23 15:42 . 2011-02-23 15:42 -------- d-----w- c:\users\Rivka\AppData\Roaming\Log

2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\users\Rivka\AppData\Roaming\Malwarebytes

2011-02-23 01:50 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\programdata\Malwarebytes

2011-02-23 01:49 . 2011-02-23 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-23 01:49 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-23 01:31 . 2011-02-23 01:31 -------- d-----w- c:\users\Rivka\AppData\Roaming\Sammsoft

2011-02-23 01:30 . 2011-02-23 14:00 -------- d-----w- c:\program files\ARO 2011

2011-02-22 20:10 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2011-02-22 20:08 . 2011-02-22 20:08 -------- d-----w- c:\users\Rivka\AppData\Local\Sophos

2011-02-22 20:07 . 2010-09-23 01:47 112056 ----a-w- c:\windows\system32\acaptuser32.dll

2011-02-22 19:22 . 2011-02-22 19:57 -------- d-----w- c:\programdata\fEhPmMp08200

2011-02-17 20:58 . 2011-02-17 20:58 -------- d-----w- c:\users\Rivka\AppData\Local\ElevatedDiagnostics

2011-02-15 16:33 . 2011-02-15 16:33 256 ----a-w- c:\windows\system32\pool.bin

2011-02-15 16:13 . 2009-01-09 23:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys

2011-02-10 03:16 . 2011-02-16 20:32 -------- d-----w- c:\program files\Microsoft Silverlight

2011-02-03 20:47 . 2011-02-03 21:06 -------- d-----w- c:\users\Rivka\AppData\Roaming\Auslogics

2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\users\Rivka\AppData\Roaming\upromise

2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\program files\Upromise

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-13 21:19 . 2010-12-24 16:12 2516 --sha-w- c:\programdata\KGyGaAvL.sys

2011-02-03 00:11 . 2010-12-23 02:31 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-01 15:28 . 2010-12-24 16:12 88 --sh--r- c:\programdata\46BD3B2112.sys

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTRK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTHA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrNLD.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrITA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrHUN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrFRA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrRUS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTG.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPLK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrSVE.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrNOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrFIN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 204800 ----a-w- c:\windows\system32\igfxrTRK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 196608 ----a-w- c:\windows\system32\igfxrTHA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 188416 ----a-w- c:\windows\system32\igfxrHEB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrKOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrJPN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressSVE.lrc

2011-01-12 19:54 . 2010-03-05 02:04 502296 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-01-12 19:54 . 2010-03-05 02:04 45056 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-01-12 19:54 . 2010-03-05 02:04 137752 ----a-w- c:\windows\system32\igfxtray.exe

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTG.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPLK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressHUN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressESP.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressHEB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressFRA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressJPN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressITA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressKOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressDEU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressRUS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNLD.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressDAN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressCSY.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressFIN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressENU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressELL.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHT.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressARA.lrc

2011-01-12 19:54 . 2010-03-05 02:04 3334144 ----a-w- c:\windows\system32\igfxress.dll

2011-01-12 19:54 . 2011-01-12 19:54 895512 ----a-w- c:\windows\system32\igfxcfg.exe

2011-01-12 19:54 . 2011-01-12 19:54 648832 ----a-w- c:\windows\system32\drivers\igdkmd32.sys

2011-01-12 19:54 . 2011-01-12 19:54 327680 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-01-12 19:54 . 2011-01-12 19:54 307200 ----a-w- c:\windows\system32\igfxdo.dll

2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxres.dll

2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxrENU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrELL.lrc

2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrDEU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrESP.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrDAN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrCSY.lrc

2011-01-12 19:54 . 2011-01-12 19:54 200704 ----a-w- c:\windows\system32\igfxpph.dll

2011-01-12 19:54 . 2011-01-12 19:54 192512 ----a-w- c:\windows\system32\igfxrARA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHT.lrc

2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHS.lrc

2011-01-12 19:54 . 2010-08-06 12:45 977432 ----a-w- c:\windows\system32\lpgun.exe

2011-01-12 19:54 . 2010-03-05 02:04 350744 ----a-w- c:\windows\system32\hkcmd.exe

2011-01-12 19:54 . 2010-03-05 02:04 258048 ----a-w- c:\windows\system32\hccutils.dll

2011-01-12 19:54 . 2010-03-05 02:04 23040 ----a-w- c:\windows\system32\IgfxExtps.dll

2011-01-12 19:54 . 2010-03-05 02:04 174616 ----a-w- c:\windows\system32\IgfxExt.exe

2011-01-12 19:54 . 2010-03-05 02:04 1418752 ----a-w- c:\windows\system32\igdumd32.dll

2010-12-23 16:29 . 2002-02-10 08:00 72748 ----a-w- c:\windows\unins000.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2010-12-02 175800]

"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2010-12-14 241360]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-07-28 526992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-01 8505888]

"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil.exe" [2010-03-01 358944]

"SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-12 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-12 350744]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\users\Rivka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]

Dropbox.lnk - c:\users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]

VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-22 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-22 29472]

R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-12-23 122880]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-02-20 91504]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 746864]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1343400]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-02-09 22536]

R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 23712]

S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 Oasis2Service;Oasis2Service;c:\program files\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-25 46080]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2010-03-01 133664]

S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]

S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]

S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]

S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]

S3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-02-15 68144]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]

S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-01-12 648832]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-01-21 9344]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 222064]

S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-01-22 14720]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 513392]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-01-20 316416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

Akamai REG_MULTI_SZ Akamai

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2011-02-23 c:\windows\Tasks\ARO 2011.job

- c:\program files\ARO 2011\ARO.exe [2011-02-23 16:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3616)

c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Sony\VAIO Care\VCSpt.exe

c:\program files\Sony\VAIO Power Management\SPMgr.exe

c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\windows\system32\DllHost.exe

c:\program files\Sony\VAIO Event Service\VESMgrSub.exe

c:\windows\system32\conhost.exe

c:\program files\Sony\VAIO Care\VCsystray.exe

c:\windows\system32\sppsvc.exe

c:\windows\System32\vds.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-02-25 12:34:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-02-25 19:34

ComboFix2.txt 2011-02-24 22:29

Pre-Run: 72,660,197,376 bytes free

Post-Run: 72,483,360,768 bytes free

- - End Of File - - 915023EFB939C54D6F59AC1820E09324


oops, sorry. See below (this time, the computer did not reboot. Hopefully, this is a good sign).

ComboFix 11-02-24.05 - Rivka 02/25/2011 13:41:50.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1127 [GMT -7:00]

Running from: c:\users\Rivka\Desktop\Combo-Fix.exe

Command switches used :: c:\users\Rivka\Desktop\CFScript.txt

AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))

.

2011-02-25 20:56 . 2011-02-25 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-25 13:29 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50438D47-114E-4C5E-98AA-8D7663ADF1E3}\mpengine.dll

2011-02-24 22:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-24 21:19 . 2011-02-25 20:56 -------- d-----w- c:\users\Rivka\AppData\Local\temp

2011-02-24 18:59 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-24 18:59 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-23 15:42 . 2011-02-23 15:42 -------- d-----w- c:\users\Rivka\AppData\Roaming\Log

2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\users\Rivka\AppData\Roaming\Malwarebytes

2011-02-23 01:50 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\programdata\Malwarebytes

2011-02-23 01:49 . 2011-02-23 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-23 01:49 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-23 01:31 . 2011-02-23 01:31 -------- d-----w- c:\users\Rivka\AppData\Roaming\Sammsoft

2011-02-23 01:30 . 2011-02-23 14:00 -------- d-----w- c:\program files\ARO 2011

2011-02-22 20:10 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2011-02-22 20:08 . 2011-02-22 20:08 -------- d-----w- c:\users\Rivka\AppData\Local\Sophos

2011-02-22 20:07 . 2010-09-23 01:47 112056 ----a-w- c:\windows\system32\acaptuser32.dll

2011-02-22 19:22 . 2011-02-22 19:57 -------- d-----w- c:\programdata\fEhPmMp08200

2011-02-17 20:58 . 2011-02-17 20:58 -------- d-----w- c:\users\Rivka\AppData\Local\ElevatedDiagnostics

2011-02-15 16:33 . 2011-02-15 16:33 256 ----a-w- c:\windows\system32\pool.bin

2011-02-15 16:13 . 2009-01-09 23:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys

2011-02-10 03:16 . 2011-02-16 20:32 -------- d-----w- c:\program files\Microsoft Silverlight

2011-02-03 20:47 . 2011-02-03 21:06 -------- d-----w- c:\users\Rivka\AppData\Roaming\Auslogics

2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\users\Rivka\AppData\Roaming\upromise

2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\program files\Upromise

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-13 21:19 . 2010-12-24 16:12 2516 --sha-w- c:\programdata\KGyGaAvL.sys

2011-02-03 00:11 . 2010-12-23 02:31 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-01 15:28 . 2010-12-24 16:12 88 --sh--r- c:\programdata\46BD3B2112.sys

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTRK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTHA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrNLD.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrITA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrHUN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrFRA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrRUS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTG.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPLK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrSVE.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrNOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrFIN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 204800 ----a-w- c:\windows\system32\igfxrTRK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 196608 ----a-w- c:\windows\system32\igfxrTHA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 188416 ----a-w- c:\windows\system32\igfxrHEB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrKOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrJPN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressSVE.lrc

2011-01-12 19:54 . 2010-03-05 02:04 502296 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-01-12 19:54 . 2010-03-05 02:04 45056 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-01-12 19:54 . 2010-03-05 02:04 137752 ----a-w- c:\windows\system32\igfxtray.exe

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTG.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPLK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressHUN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressESP.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressHEB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressFRA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressJPN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressITA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressKOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressDEU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressRUS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNLD.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressDAN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressCSY.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressFIN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressENU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressELL.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHT.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressARA.lrc

2011-01-12 19:54 . 2010-03-05 02:04 3334144 ----a-w- c:\windows\system32\igfxress.dll

2011-01-12 19:54 . 2011-01-12 19:54 895512 ----a-w- c:\windows\system32\igfxcfg.exe

2011-01-12 19:54 . 2011-01-12 19:54 648832 ----a-w- c:\windows\system32\drivers\igdkmd32.sys

2011-01-12 19:54 . 2011-01-12 19:54 327680 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-01-12 19:54 . 2011-01-12 19:54 307200 ----a-w- c:\windows\system32\igfxdo.dll

2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxres.dll

2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxrENU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrELL.lrc

2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrDEU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrESP.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrDAN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrCSY.lrc

2011-01-12 19:54 . 2011-01-12 19:54 200704 ----a-w- c:\windows\system32\igfxpph.dll

2011-01-12 19:54 . 2011-01-12 19:54 192512 ----a-w- c:\windows\system32\igfxrARA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHT.lrc

2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHS.lrc

2011-01-12 19:54 . 2010-08-06 12:45 977432 ----a-w- c:\windows\system32\lpgun.exe

2011-01-12 19:54 . 2010-03-05 02:04 350744 ----a-w- c:\windows\system32\hkcmd.exe

2011-01-12 19:54 . 2010-03-05 02:04 258048 ----a-w- c:\windows\system32\hccutils.dll

2011-01-12 19:54 . 2010-03-05 02:04 23040 ----a-w- c:\windows\system32\IgfxExtps.dll

2011-01-12 19:54 . 2010-03-05 02:04 174616 ----a-w- c:\windows\system32\IgfxExt.exe

2011-01-12 19:54 . 2010-03-05 02:04 1418752 ----a-w- c:\windows\system32\igdumd32.dll

2010-12-23 16:29 . 2002-02-10 08:00 72748 ----a-w- c:\windows\unins000.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2010-12-02 175800]

"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2010-12-14 241360]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-07-28 526992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-01 8505888]

"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil.exe" [2010-03-01 358944]

"SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-12 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-12 350744]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\users\Rivka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]

Dropbox.lnk - c:\users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]

VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-22 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-22 29472]

R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-12-23 122880]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-02-20 91504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1343400]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-02-09 22536]

R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 23712]

S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 Oasis2Service;Oasis2Service;c:\program files\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-25 46080]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2010-03-01 133664]

S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]

S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]

S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]

S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]

S3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-02-15 68144]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]

S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-01-12 648832]

S3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-01-21 9344]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 222064]

S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-01-22 14720]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 513392]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 746864]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-01-20 316416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

Akamai REG_MULTI_SZ Akamai

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2011-02-23 c:\windows\Tasks\ARO 2011.job

- c:\program files\ARO 2011\ARO.exe [2011-02-23 16:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6908)

c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

.

Completion time: 2011-02-25 14:01:10

ComboFix-quarantined-files.txt 2011-02-25 21:01

ComboFix2.txt 2011-02-25 19:34

ComboFix3.txt 2011-02-24 22:29

Pre-Run: 72,560,517,120 bytes free

Post-Run: 72,583,454,720 bytes free

- - End Of File - - 002D4E653A1989C4F76AB636C7B4A72A


No, it's not working.

Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\programdata\fEhPmMp08200

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


How about now? For some reason, I had not copied the 'Folder::' part... silly me, sorry.

ComboFix 11-02-25.01 - Rivka 02/26/2011 6:51.4.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.952 [GMT -7:00]

Running from: c:\users\Rivka\Desktop\Combo-Fix.exe

Command switches used :: c:\users\Rivka\Desktop\CFScript.txt

AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\fEhPmMp08200

c:\programdata\fEhPmMp08200\fEhPmMp08200

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\atapi.sys

.

((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))

.

2011-02-26 14:05 . 2011-02-26 14:12 -------- d-----w- c:\users\Rivka\AppData\Local\temp

2011-02-26 14:05 . 2011-02-26 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-25 13:29 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50438D47-114E-4C5E-98AA-8D7663ADF1E3}\mpengine.dll

2011-02-24 22:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-24 18:59 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-24 18:59 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-23 15:42 . 2011-02-23 15:42 -------- d-----w- c:\users\Rivka\AppData\Roaming\Log

2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\users\Rivka\AppData\Roaming\Malwarebytes

2011-02-23 01:50 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:50 . 2011-02-23 01:50 -------- d-----w- c:\programdata\Malwarebytes

2011-02-23 01:49 . 2011-02-23 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-23 01:49 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-23 01:31 . 2011-02-23 01:31 -------- d-----w- c:\users\Rivka\AppData\Roaming\Sammsoft

2011-02-23 01:30 . 2011-02-23 14:00 -------- d-----w- c:\program files\ARO 2011

2011-02-22 20:10 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2011-02-22 20:08 . 2011-02-22 20:08 -------- d-----w- c:\users\Rivka\AppData\Local\Sophos

2011-02-22 20:07 . 2010-09-23 01:47 112056 ----a-w- c:\windows\system32\acaptuser32.dll

2011-02-17 20:58 . 2011-02-17 20:58 -------- d-----w- c:\users\Rivka\AppData\Local\ElevatedDiagnostics

2011-02-15 16:33 . 2011-02-15 16:33 256 ----a-w- c:\windows\system32\pool.bin

2011-02-15 16:13 . 2009-01-09 23:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys

2011-02-10 03:16 . 2011-02-16 20:32 -------- d-----w- c:\program files\Microsoft Silverlight

2011-02-03 20:47 . 2011-02-03 21:06 -------- d-----w- c:\users\Rivka\AppData\Roaming\Auslogics

2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\users\Rivka\AppData\Roaming\upromise

2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\program files\Upromise

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-13 21:19 . 2010-12-24 16:12 2516 --sha-w- c:\programdata\KGyGaAvL.sys

2011-02-03 00:11 . 2010-12-23 02:31 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-01 15:28 . 2010-12-24 16:12 88 --sh--r- c:\programdata\46BD3B2112.sys

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTRK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressTHA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrNLD.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrITA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrHUN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 217088 ----a-w- c:\windows\system32\igfxrFRA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrRUS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTG.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPTB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 212992 ----a-w- c:\windows\system32\igfxrPLK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrSVE.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrNOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrFIN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 204800 ----a-w- c:\windows\system32\igfxrTRK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 196608 ----a-w- c:\windows\system32\igfxrTHA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 188416 ----a-w- c:\windows\system32\igfxrHEB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrKOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 163840 ----a-w- c:\windows\system32\igfxrJPN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressSVE.lrc

2011-01-12 19:54 . 2010-03-05 02:04 502296 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-01-12 19:54 . 2010-03-05 02:04 45056 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-01-12 19:54 . 2010-03-05 02:04 137752 ----a-w- c:\windows\system32\igfxtray.exe

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTG.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPTB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressPLK.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressHUN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3362816 ----a-w- c:\windows\system32\igfxressESP.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressHEB.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3350528 ----a-w- c:\windows\system32\igfxressFRA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressJPN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3346432 ----a-w- c:\windows\system32\igfxressITA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressKOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3342336 ----a-w- c:\windows\system32\igfxressDEU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressRUS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNOR.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressNLD.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressDAN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3338240 ----a-w- c:\windows\system32\igfxressCSY.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressFIN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressENU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressELL.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHT.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3334144 ----a-w- c:\windows\system32\igfxressCHS.lrc

2011-01-12 19:54 . 2011-01-12 19:54 3354624 ----a-w- c:\windows\system32\igfxressARA.lrc

2011-01-12 19:54 . 2010-03-05 02:04 3334144 ----a-w- c:\windows\system32\igfxress.dll

2011-01-12 19:54 . 2011-01-12 19:54 895512 ----a-w- c:\windows\system32\igfxcfg.exe

2011-01-12 19:54 . 2011-01-12 19:54 648832 ----a-w- c:\windows\system32\drivers\igdkmd32.sys

2011-01-12 19:54 . 2011-01-12 19:54 327680 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-01-12 19:54 . 2011-01-12 19:54 307200 ----a-w- c:\windows\system32\igfxdo.dll

2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxres.dll

2011-01-12 19:54 . 2011-01-12 19:54 233472 ----a-w- c:\windows\system32\igfxrENU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrELL.lrc

2011-01-12 19:54 . 2011-01-12 19:54 225280 ----a-w- c:\windows\system32\igfxrDEU.lrc

2011-01-12 19:54 . 2011-01-12 19:54 221184 ----a-w- c:\windows\system32\igfxrESP.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrDAN.lrc

2011-01-12 19:54 . 2011-01-12 19:54 208896 ----a-w- c:\windows\system32\igfxrCSY.lrc

2011-01-12 19:54 . 2011-01-12 19:54 200704 ----a-w- c:\windows\system32\igfxpph.dll

2011-01-12 19:54 . 2011-01-12 19:54 192512 ----a-w- c:\windows\system32\igfxrARA.lrc

2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHT.lrc

2011-01-12 19:54 . 2011-01-12 19:54 147456 ----a-w- c:\windows\system32\igfxrCHS.lrc

2011-01-12 19:54 . 2010-08-06 12:45 977432 ----a-w- c:\windows\system32\lpgun.exe

2011-01-12 19:54 . 2010-03-05 02:04 350744 ----a-w- c:\windows\system32\hkcmd.exe

2011-01-12 19:54 . 2010-03-05 02:04 258048 ----a-w- c:\windows\system32\hccutils.dll

2011-01-12 19:54 . 2010-03-05 02:04 23040 ----a-w- c:\windows\system32\IgfxExtps.dll

2011-01-12 19:54 . 2010-03-05 02:04 174616 ----a-w- c:\windows\system32\IgfxExt.exe

2011-01-12 19:54 . 2010-03-05 02:04 1418752 ----a-w- c:\windows\system32\igdumd32.dll

2010-12-23 16:29 . 2002-02-10 08:00 72748 ----a-w- c:\windows\unins000.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2010-12-02 175800]

"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2010-12-14 241360]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-07-28 526992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-01 8505888]

"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil.exe" [2010-03-01 358944]

"SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-12 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-12 350744]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\users\Rivka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]

Dropbox.lnk - c:\users\Rivka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]

VAIO Messenger.lnk - c:\program files\DDNi\Oasis\Delay.exe [2010-7-14 14176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-22 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-22 29472]

R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-12-23 122880]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-02-20 91504]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 746864]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1343400]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-01-20 316416]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-02-09 22536]

R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 23712]

S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 Oasis2Service;Oasis2Service;c:\program files\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-25 46080]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2010-03-01 133664]

S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]

S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]

S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]

S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]

S3 ApPS2;Alps StickPointer for VAIO;c:\windows\system32\drivers\ApPS2.sys [2010-02-15 68144]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]

S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-01-12 648832]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-01-21 9344]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 222064]

S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-01-22 14720]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 513392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

Akamai REG_MULTI_SZ Akamai

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2011-02-23 c:\windows\Tasks\ARO 2011.job

- c:\program files\ARO 2011\ARO.exe [2011-02-23 16:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3676)

c:\users\Rivka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\WUDFHost.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\windows\system32\DllHost.exe

c:\program files\Sony\VAIO Care\VCSpt.exe

c:\program files\Sony\VAIO Power Management\SPMgr.exe

c:\program files\Sony\VAIO Event Service\VESMgrSub.exe

c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe

c:\windows\System32\rundll32.exe

c:\windows\system32\conhost.exe

c:\program files\Sony\VAIO Care\VCsystray.exe

c:\windows\System32\vds.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-02-26 07:16:36 - machine was rebooted

ComboFix-quarantined-files.txt 2011-02-26 14:16

ComboFix2.txt 2011-02-25 21:01

ComboFix3.txt 2011-02-25 19:34

ComboFix4.txt 2011-02-24 22:29

Pre-Run: 72,230,580,224 bytes free

Post-Run: 72,185,815,040 bytes free

- - End Of File - - 9B5FECD00575DF355B08B61C0D414389


About antivirus and the other suggestions, see my last step. And yes, we're done. :)

Step 1

Go to Start => Run... and copy & paste the next command into the field:

ComboFix /uninstall

Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete DDS and TDSSKiller.

Step 3

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)


This topic is now closed to further replies.