
Hi,

This system was infected with malware and cleaned by MBAM. Google and Yahoo pages sometimes load but then fail.

Thanks

Bob

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Brian at 18:03:04.21 on 05/04/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.261 [GMT 1:00]

.

AV: Smart Internet Protection 2011 *Enabled/Updated* {BFB383B4-A24B-4C4C-B5AA-9838A82EE0E1}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Smart Internet Protection 2011 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Kontiki\KHost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Brian\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Brian\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://uk.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = http=127.0.0.1

uSearchAssistant =

mSearchAssistant =

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No File

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [kdx] c:\program files\kontiki\KHost.exe -all

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [EPSON Stylus D120 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticce.exe /fu "c:\windows\temp\E_S8F.tmp" /EF "HKCU"

uRun: [EPSON Stylus D120 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_faticce.exe /fu "c:\windows\temp\E_S5.tmp" /EF "HKCU"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\brian\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [Mouse Suite 98 Daemon] ICO.EXE

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [VAIO Update 5] "c:\program files\sony\vaio update 5\VAIOUpdt.exe" /Stationary

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA"&"inst=NwA3AC0ANAAzADUANQA2ADIANAAzADEALQBUADQALQBVADgANQArADEALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAEYAUAA5ADIAKwA2AC0AQgBBAFIAOQBPACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADEAMABBACsAMQA"&"prod=90"&"ver=9.0.872

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\brian\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\brian\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-explorer: DisallowRun = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: google.com\mail

Trusted Zone: sony-europe.com

Trusted Zone: sonystyle-europe.com

Trusted Zone: vaio-link.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EE479A40-C128-40DD-93DA-000556AF9607} - hxxp://79.141.135.200/CtrWeb.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: strchk - {38459BCA-174D-44AE-07C4-068C0555EBB1} - No File

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

IFEO: image file execution options - svchost.exe

Hosts: 204.152.194.204 www.google.com

Hosts: 204.152.194.204 google.com

Hosts: 204.152.194.204 google.com.au

Hosts: 204.152.194.204 www.google.com.au

Hosts: 204.152.194.204 google.be

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\ttvl9b0w.default\

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\brian\application data\mozilla\plugins\npoctoshape.dll

FF - plugin: c:\documents and settings\brian\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsl3cd75d5f;MpKsl3cd75d5f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71ee8b59-accf-404a-9716-811d03933ba9}\mpksl3cd75d5f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71ee8b59-accf-404a-9716-811d03933ba9}\MpKsl3cd75d5f.sys [?]

R1 MpKsldfa89ab5;MpKsldfa89ab5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d469d467-cf94-4429-9e02-9d51cbdad2d2}\MpKsldfa89ab5.sys [2011-4-5 28752]

R1 MpKslfbe2953e;MpKslfbe2953e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71ee8b59-accf-404a-9716-811d03933ba9}\mpkslfbe2953e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71ee8b59-accf-404a-9716-811d03933ba9}\MpKslfbe2953e.sys [?]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-6 390528]

R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\23945\RapportCerberus_23945.sys [2011-2-28 55224]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-1 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-21 47640]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]

R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\23645\RapportIaso.sys [2011-2-27 18872]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]

S1 MpKsl06bac542;MpKsl06bac542;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2fdc781-7a8b-47cc-b639-5d59010eed50}\mpksl06bac542.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2fdc781-7a8b-47cc-b639-5d59010eed50}\MpKsl06bac542.sys [?]

S1 MpKsl0e3d199b;MpKsl0e3d199b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbc7bd73-4d35-4cfa-b2d2-91226f7b644c}\mpksl0e3d199b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbc7bd73-4d35-4cfa-b2d2-91226f7b644c}\MpKsl0e3d199b.sys [?]

S1 MpKsl10499628;MpKsl10499628;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2ab958-1e4f-4f6d-b6a0-8e6ada7658f3}\mpksl10499628.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2ab958-1e4f-4f6d-b6a0-8e6ada7658f3}\MpKsl10499628.sys [?]

S1 MpKsl31e0c75d;MpKsl31e0c75d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{87098062-704c-4366-a320-379c361fabce}\mpksl31e0c75d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{87098062-704c-4366-a320-379c361fabce}\MpKsl31e0c75d.sys [?]

S1 MpKsl3bb2cfff;MpKsl3bb2cfff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbc7bd73-4d35-4cfa-b2d2-91226f7b644c}\mpksl3bb2cfff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbc7bd73-4d35-4cfa-b2d2-91226f7b644c}\MpKsl3bb2cfff.sys [?]

S1 MpKsl4313193e;MpKsl4313193e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d464215b-5d8f-47bf-908e-441eead00ab9}\mpksl4313193e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d464215b-5d8f-47bf-908e-441eead00ab9}\MpKsl4313193e.sys [?]

S1 MpKsl4d6c4366;MpKsl4d6c4366;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b5b1f9c-5943-4b51-b8f0-3895578551e1}\mpksl4d6c4366.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b5b1f9c-5943-4b51-b8f0-3895578551e1}\MpKsl4d6c4366.sys [?]

S1 MpKsl602d6ba7;MpKsl602d6ba7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c698c57-0ef1-48e3-b041-f07ddcb2163b}\mpksl602d6ba7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c698c57-0ef1-48e3-b041-f07ddcb2163b}\MpKsl602d6ba7.sys [?]

S1 MpKsl71706152;MpKsl71706152;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5eac19a7-83c2-4e60-bd8d-18962fbf9d2d}\mpksl71706152.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5eac19a7-83c2-4e60-bd8d-18962fbf9d2d}\MpKsl71706152.sys [?]

S1 MpKsl76e60624;MpKsl76e60624;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e9a3431-81b2-48d7-a939-3194c55a0342}\mpksl76e60624.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e9a3431-81b2-48d7-a939-3194c55a0342}\MpKsl76e60624.sys [?]

S1 MpKsl7d35a3df;MpKsl7d35a3df;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2ab958-1e4f-4f6d-b6a0-8e6ada7658f3}\mpksl7d35a3df.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2ab958-1e4f-4f6d-b6a0-8e6ada7658f3}\MpKsl7d35a3df.sys [?]

S1 MpKsl83c4730c;MpKsl83c4730c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbc7bd73-4d35-4cfa-b2d2-91226f7b644c}\mpksl83c4730c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbc7bd73-4d35-4cfa-b2d2-91226f7b644c}\MpKsl83c4730c.sys [?]

S1 MpKsl86bf4715;MpKsl86bf4715;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{919b3e31-c8b9-4133-9d20-b8f49086f961}\mpksl86bf4715.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{919b3e31-c8b9-4133-9d20-b8f49086f961}\MpKsl86bf4715.sys [?]

S1 MpKsl8b35b6c9;MpKsl8b35b6c9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{952cf144-a4ab-41a6-8bb3-2379af67a1a6}\mpksl8b35b6c9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{952cf144-a4ab-41a6-8bb3-2379af67a1a6}\MpKsl8b35b6c9.sys [?]

S1 MpKsl8e915cac;MpKsl8e915cac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa61333d-a6be-43cb-98d3-1becc66c2a6d}\mpksl8e915cac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa61333d-a6be-43cb-98d3-1becc66c2a6d}\MpKsl8e915cac.sys [?]

S1 MpKsl8fdd0bdb;MpKsl8fdd0bdb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2ab958-1e4f-4f6d-b6a0-8e6ada7658f3}\mpksl8fdd0bdb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2ab958-1e4f-4f6d-b6a0-8e6ada7658f3}\MpKsl8fdd0bdb.sys [?]

S1 MpKsl95f43061;MpKsl95f43061;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{919b3e31-c8b9-4133-9d20-b8f49086f961}\mpksl95f43061.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{919b3e31-c8b9-4133-9d20-b8f49086f961}\MpKsl95f43061.sys [?]

S1 MpKslb3548842;MpKslb3548842;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{281d1c3f-9da0-4ace-93f4-611de6b3efaf}\mpkslb3548842.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{281d1c3f-9da0-4ace-93f4-611de6b3efaf}\MpKslb3548842.sys [?]

S1 MpKslb4bb4e19;MpKslb4bb4e19;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d20d5601-eb3b-4c12-ba07-5e8e92a60064}\mpkslb4bb4e19.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d20d5601-eb3b-4c12-ba07-5e8e92a60064}\MpKslb4bb4e19.sys [?]

S1 MpKslb66cf37a;MpKslb66cf37a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2fdc781-7a8b-47cc-b639-5d59010eed50}\mpkslb66cf37a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2fdc781-7a8b-47cc-b639-5d59010eed50}\MpKslb66cf37a.sys [?]

S1 MpKslb7b69a93;MpKslb7b69a93;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d464215b-5d8f-47bf-908e-441eead00ab9}\mpkslb7b69a93.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d464215b-5d8f-47bf-908e-441eead00ab9}\MpKslb7b69a93.sys [?]

S1 MpKslbb49b6b4;MpKslbb49b6b4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d20d5601-eb3b-4c12-ba07-5e8e92a60064}\mpkslbb49b6b4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d20d5601-eb3b-4c12-ba07-5e8e92a60064}\MpKslbb49b6b4.sys [?]

S1 MpKslc8b0b115;MpKslc8b0b115;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{faf8fc4d-3f41-434d-9b0f-323e68b5630f}\mpkslc8b0b115.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{faf8fc4d-3f41-434d-9b0f-323e68b5630f}\MpKslc8b0b115.sys [?]

S1 MpKslcae286be;MpKslcae286be;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bef0e7da-a778-46c0-a9e5-188e7e7f14a7}\mpkslcae286be.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bef0e7da-a778-46c0-a9e5-188e7e7f14a7}\MpKslcae286be.sys [?]

S1 MpKslce7d02aa;MpKslce7d02aa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2ab958-1e4f-4f6d-b6a0-8e6ada7658f3}\mpkslce7d02aa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2ab958-1e4f-4f6d-b6a0-8e6ada7658f3}\MpKslce7d02aa.sys [?]

S1 MpKsle30ebf1c;MpKsle30ebf1c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0f92335-1eb2-4ee0-8970-dc154eb5269f}\mpksle30ebf1c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0f92335-1eb2-4ee0-8970-dc154eb5269f}\MpKsle30ebf1c.sys [?]

S1 MpKsle42546ed;MpKsle42546ed;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec9ae6ac-89e5-4eea-ac6e-118d88867810}\mpksle42546ed.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec9ae6ac-89e5-4eea-ac6e-118d88867810}\MpKsle42546ed.sys [?]

S1 MpKsle71d9b90;MpKsle71d9b90;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2fdc781-7a8b-47cc-b639-5d59010eed50}\mpksle71d9b90.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2fdc781-7a8b-47cc-b639-5d59010eed50}\MpKsle71d9b90.sys [?]

S1 MpKslef1fea75;MpKslef1fea75;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{34ed162f-a281-455e-9cd3-7bbda9602102}\mpkslef1fea75.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{34ed162f-a281-455e-9cd3-7bbda9602102}\MpKslef1fea75.sys [?]

S1 MpKslf35b6884;MpKslf35b6884;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa61333d-a6be-43cb-98d3-1becc66c2a6d}\mpkslf35b6884.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa61333d-a6be-43cb-98d3-1becc66c2a6d}\MpKslf35b6884.sys [?]

S1 MpKslf4c2b316;MpKslf4c2b316;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88eddd42-b9b2-4e65-aee0-f24dd251fc85}\mpkslf4c2b316.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88eddd42-b9b2-4e65-aee0-f24dd251fc85}\MpKslf4c2b316.sys [?]

S1 MpKslffe0678e;MpKslffe0678e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d20d5601-eb3b-4c12-ba07-5e8e92a60064}\mpkslffe0678e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d20d5601-eb3b-4c12-ba07-5e8e92a60064}\MpKslffe0678e.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-4 136176]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-4-21 722288]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 Nulvcwsnipww;Nulvcwsnipww; [x]

.

=============== Created Last 30 ================

.

2011-04-05 16:56:50 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{d469d467-cf94-4429-9e02-9d51cbdad2d2}\MpKsldfa89ab5.sys

2011-04-05 16:55:40 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{d469d467-cf94-4429-9e02-9d51cbdad2d2}\mpengine.dll

2011-03-28 23:29:28 -------- d-----w- c:\docume~1\brian\locals~1\applic~1\Microsoft Help

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 21:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 19:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 18:06:08.75 ===============

attach.zip


You have a fake anti-virus and Firewall program

AV: Smart Internet Protection 2011 *Enabled/Updated* {BFB383B4-A24B-4C4C-B5AA-9838A82EE0E1}

FW: Smart Internet Protection 2011 *Enabled*

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please do not delete anything unless instructed to.

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Next:

Close all browsers before running ATF: IE, Firefox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

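The reply above picks two things out of the DDS log by eye: the unfamiliar product registered as AV/FW and the browser proxy setting. The following is an added example, not part of either post, that runs the same triage in code over lines copied from the log in this thread; it goes a little further and also lists the Hosts, DisallowRun and IFEO lines for review. The allowlist `EXPECTED_SECURITY_PRODUCTS`, the function names and the finding labels are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the only security product the owner knowingly installed.
EXPECTED_SECURITY_PRODUCTS = {"Microsoft Security Essentials"}

# Lines copied from the DDS log posted in this thread.
THREAD_LOG = """\
AV: Smart Internet Protection 2011 *Enabled/Updated* {BFB383B4-A24B-4C4C-B5AA-9838A82EE0E1}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Smart Internet Protection 2011 *Enabled*
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1
uPolicies-explorer: DisallowRun = 1 (0x1)
IFEO: image file execution options - svchost.exe
Hosts: 204.152.194.204 www.google.com
Hosts: 204.152.194.204 google.com
Hosts: 204.152.194.204 google.com.au
Hosts: 204.152.194.204 www.google.com.au
Hosts: 204.152.194.204 google.be
"""


def _is_loopback(host):
    """True for 'localhost' or a loopback IP literal such as 127.0.0.1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal


def _proxy_hosts(value):
    """Yield hosts from 'http=1.2.3.4:80;https=...' or a plain 'host:port'.

    IPv6 literals are not handled; the log in this thread has none.
    """
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        endpoint = part.split("=", 1)[-1]
        yield endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint


def triage(log_text):
    """Return (label, detail) pairs for DDS lines that deserve a closer look."""
    findings = []
    hosts_by_ip = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()

        # Security Center registrations: anything not on the allowlist.
        m = re.match(r"(AV|FW): (.+?) \*", line)
        if m and m.group(2) not in EXPECTED_SECURITY_PRODUCTS:
            findings.append(("unexpected-security-product",
                             f"{m.group(1)}: {m.group(2)}"))
            continue

        # Browser proxy pointing at the local machine.
        m = re.match(r"[um]Internet Settings,ProxyServer = (.+)", line)
        if m:
            if any(_is_loopback(h) for h in _proxy_hosts(m.group(1))):
                findings.append(("loopback-proxy", m.group(1)))
            continue

        # Hosts entries that override DNS with a non-loopback address.
        m = re.match(r"Hosts: (\S+) (\S+)", line)
        if m and not _is_loopback(m.group(1)) and m.group(1) != "0.0.0.0":
            hosts_by_ip[m.group(1)].append(m.group(2))
            continue

        # Explorer policy that blocks listed programs from starting.
        if re.match(r"[um]Policies-explorer: DisallowRun = 1\b", line):
            findings.append(("disallowrun-policy", line))
        # Image File Execution Options entry: launches of the named
        # executable can be intercepted, so the entry needs review.
        elif line.startswith("IFEO:"):
            findings.append(("ifeo-entry", line.split(" - ", 1)[-1]))

    for ip, names in hosts_by_ip.items():
        findings.append(("hosts-override",
                         f"{ip} <- {', '.join(sorted(names))}"))
    return findings


if __name__ == "__main__":
    for label, detail in triage(THREAD_LOG):
        print(f"{label:30} {detail}")
```

A finding here means "ask about this line", not "delete it"; removal still follows the helper's supervised steps.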

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
