
Hi, my name is Miguel and I've been trying to get rid of this problem for over 2 weeks now. I am using MBAM and whenever I scan my laptop the malware appears even though MBAM said it's been quarantined and successfully deleted. I scan my laptop every day but no luck. I would really appreciate it if someone can help me.

This is the log file from my last scan

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6678

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/1/2011 3:33:08 PM

mbam-log-2011-06-01 (15-33-08).txt

Scan type: Quick scan

Objects scanned: 175363

Time elapsed: 15 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\networkservice\application data\02000000d2b2c03e1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\02000000d2b2c03e1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\02000000d2b2c03e1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\02000000d2b2c03e1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000d2b2c03e1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000d2b2c03e1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000d2b2c03e1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000d2b2c03e1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

============================================================================================================================================================================================

This is my DDS.txt

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Admisterator at 15:17:51 on 2011-06-01

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.439 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\WINDOWS\system32\ipxwan32.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\hccoin32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\Common Files\AOL\1274402213\ee\AOLHostManager.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

svchost.exe

C:\Program Files\Common Files\AOL\1274402213\ee\AOLServiceHost.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Admisterator\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.sony.com/vaiopeople

uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll

mURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 3.0\aoltb.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: WhiteSmoke Toolbar: {e4709dfb-a47d-451c-957d-e78d25263cb8} - c:\program files\whitesmoketoolbar\vmntemplateX.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: WhiteSmoke Toolbar: {e4709dfb-a47d-451c-957d-e78d25263cb8} - c:\program files\whitesmoketoolbar\vmntemplateX.dll

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe

mRun: [ExecAfterFirstBoot] c:\windows\sonysys\eflyer\execafterfirstboot.exe /fc:\windows\sonysys\docs\Latest Information.pdf /d4

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

mRun: [AppMon Utility] c:\program files\sony\appmonutil\AppMonUtility.exe @@@Start

mRun: [switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe

mRun: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [HostManager] c:\program files\common files\aol\1274402213\ee\AOLHostManager.exe

mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Notify: VESWinlogon - VESWinlogon.dll

AppInit_DLLs: c:\windows\system32\LFCMP10N32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {C6655B5B-3926-4251-B191-E4F632438879} - rundll32.exe "c:\documents and settings\admisterator\application data\sun\mag0.dll", UnregisterDll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\admisterator\application data\mozilla\firefox\profiles\tmor1fig.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\admisterator\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: accessibility.typeaheadfind.flashBar - 0

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1306361913

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1306358038

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1306362945

FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1305785354

FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1301292541

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1306368308

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576

FF - user.js: browser.download.lastDir - c:\\documents and settings\\admisterator\\Desktop

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.migration.version - 5

FF - user.js: browser.offline - false

FF - user.js: browser.places.importBookmarksHTML - false

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.preferences.advanced.selectedTabIndex - 3

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.shell.checkDefaultBrowser - false

FF - user.js: browser.startup.homepage_override.buildID - 20110413222027

FF - user.js: browser.startup.homepage_override.mstone - rv:2.0.1

FF - user.js: extensions.blocklist.pingCountTotal - 48

FF - user.js: extensions.blocklist.pingCountVersion - 24

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 3

FF - user.js: extensions.enabledAddons - {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906,{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{4657d197-2477-4cb0-947c-f937daca08ad}:1.0,{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3,{baaf7c33-81de-4653-b8ca-56ff55dad0de}:1.0,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3,{417cbea5-8f4b-4588-9895-e539c345bc40}:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:4.0.1

FF - user.js: extensions.enabledItems - {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906,{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{abde892b-13a8-4d1b-88e6-365a6e755758}\:{\descriptor\:\c:\\\\documents and settings\\\\all users\\\\application data\\\\real\\\\realplayer\\\\browserrecordplugin\\\\firefox\\\\ext\,\mtime\:1305981412453}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1304183121343},\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\,\mtime\:1296291357858},\{cafeefac-0016-0000-0018-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0018-abcdeffedcba}\,\mtime\:1274570556296},\{cafeefac-0016-0000-0022-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0022-abcdeffedcba}\,\mtime\:1299007447625}}},{\name\:\app-profile\,\addons\:{\{417cbea5-8f4b-4588-9895-e539c345bc40}\:{\descriptor\:\c:\\\\documents and settings\\\\admisterator\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\tmor1fig.default\\\\extensions\\\\{417cbea5-8f4b-4588-9895-e539c345bc40}\,\mtime\:1306378761640},\{4657d197-2477-4cb0-947c-f937daca08ad}\:{\descriptor\:\c:\\\\documents and settings\\\\admisterator\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\tmor1fig.default\\\\extensions\\\\{4657d197-2477-4cb0-947c-f937daca08ad}\,\mtime\:1304561523154},\{baaf7c33-81de-4653-b8ca-56ff55dad0de}\:{\descriptor\:\c:\\\\documents and settings\\\\admisterator\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\tmor1fig.default\\\\extensions\\\\{baaf7c33-81de-4653-b8ca-56ff55dad0de}\,\mtime\:1305926129350},\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\:{\descriptor\:\c:\\\\documents and settings\\\\admisterator\\\\application 
data\\\\mozilla\\\\firefox\\\\profiles\\\\tmor1fig.default\\\\extensions\\\\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi\,\mtime\:1305608874343}}}]

FF - user.js: extensions.lastAppVersion - 4.0.1

FF - user.js: extensions.pendingOperations - false

FF - user.js: extensions.skype_toolbar.version - 5.0.0.6906

FF - user.js: gfx.blacklist.layers.direct3d9 - 2

FF - user.js: greasemonkey.haveInsertedToolbarbutton - true

FF - user.js: greasemonkey.scriptvals.znerp/facebook colour changer.setup - ({colour1:\#7e0ec5\, colour2:\#040008\})

FF - user.js: greasemonkey.scriptvals.znerp/facebook colour changer.usoCheckup:age - 1306250358

FF - user.js: greasemonkey.scriptvals.znerp/facebook colour changer.usoCheckup:backoff - 5

FF - user.js: greasemonkey.version - 0.9.3

FF - user.js: idle.lastDailyNotification - 1306375848

FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-1, UTF-8, windows-1252

FF - user.js: lightweightThemes.isThemeSelected - true

FF - user.js: lightweightThemes.persisted.footerURL - true

FF - user.js: lightweightThemes.persisted.headerURL - true

FF - user.js: lightweightThemes.usedThemes - [{\id\:\357511\,\name\:\tigers matter\,\headerurl\:\hxxp://getpersonas-cdn.mozilla.net/static/1/1/357511/h_tigersmatter.jpg?1302025861\,\footerurl\:\http://getpersonas-cdn.mozilla.net/static/1/1/357511/f_tigersmatter.jpg?1302025861\,\textcolor\:\#ffffff\,\accentcolor\:\#000000\,\iconurl\:\http://getpersonas-cdn.mozilla.net/static/1/1/357511/preview_small.jpg?1302025861\,\previewurl\:\http://getpersonas-cdn.mozilla.net/static/1/1/357511/preview.jpg?1302025861\,\author\:\eatingstick\,\description\:\adjusted to firefox 4.\\u000d\\u000atigers are considered an umbrella species, and as such, trigger a top down chain of species die outs and habitat failure with their extinction. once an apex predator dies off, former prey populations that were once controlled by predation become rampant in numbers without a food source to sustain them.\,\updateurl\:\https://www.getpersonas.com/en-us/update_check/357511\,\version\:\1302025861\,\updatedate\:1302220136970,\installdate\:1301521556041}]

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: network.proxy.type - 0

FF - user.js: places.database.lastMaintenance - 1306375848

FF - user.js: places.history.expiration.transient_current_max_pages - 32152

FF - user.js: privacy.cpd.siteSettings - true

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: privacy.sanitize.timeSpan - 0

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: services.sync.clients.lastSync - 0

FF - user.js: services.sync.clients.lastSyncLocal - 0

FF - user.js: services.sync.migrated - true

FF - user.js: services.sync.tabs.lastSync - 0

FF - user.js: services.sync.tabs.lastSyncLocal - 0

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1304123837

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1308963734

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

============= SERVICES / DRIVERS ===============

.

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-5-23 352656]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-7 54760]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-11-22 91456]

R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\ipxwan32.exe [2011-5-2 692736]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]

R3 slim;Sony Lucid Integrated Mpeg encoder;c:\windows\system32\drivers\slim.sys [2006-6-13 698496]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-6-13 226304]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-1 38224]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-11-22 25856]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-11-22 42752]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-6-13 29184]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-5-20 1120960]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-05-30 23:41:20 -------- d-----w- c:\documents and settings\admisterator\local settings\application data\Xara

2011-05-29 08:19:02 -------- d-----w- c:\documents and settings\admisterator\application data\vmntemplate

2011-05-29 07:34:58 -------- d-----w- c:\documents and settings\admisterator\application data\whitesmoketoolbar

2011-05-29 07:15:28 -------- d-----w- c:\program files\whitesmoketoolbar

2011-05-26 07:09:24 -------- d-sha-r- C:\cmdcons

2011-05-26 07:07:33 98816 ----a-w- c:\windows\sed.exe

2011-05-26 07:07:33 518144 ----a-w- c:\windows\SWREG.exe

2011-05-26 07:07:33 256512 ----a-w- c:\windows\PEV.exe

2011-05-26 07:07:33 208896 ----a-w- c:\windows\MBR.exe

2011-05-26 03:57:21 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters

2011-05-25 23:45:25 -------- d-sh--w- c:\documents and settings\admisterator\IECompatCache

2011-05-25 21:57:52 -------- d-----w- c:\documents and settings\all users\application data\Nexon

2011-05-23 23:09:17 -------- d-----w- c:\documents and settings\all users\application data\IObit

2011-05-23 23:07:09 -------- d-----w- c:\documents and settings\admisterator\application data\IObit

2011-05-23 23:07:06 -------- d-----w- c:\program files\IObit

2011-05-22 09:30:48 -------- d-----w- c:\documents and settings\admisterator\application data\TeamViewer

2011-05-21 12:37:12 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll

2011-05-21 12:36:54 -------- d-----w- c:\program files\common files\xing shared

2011-05-21 12:36:44 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll

2011-05-21 12:36:41 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll

2011-05-21 11:53:07 -------- d-----w- c:\program files\AhnLab

2011-05-21 11:53:07 -------- d-----w- c:\documents and settings\admisterator\AppData

2011-05-19 21:09:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-05 06:21:00 -------- d-----w- c:\documents and settings\admisterator\application data\Malwarebytes

2011-05-03 21:05:23 0 ---ha-w- c:\documents and settings\admisterator\simpaytrtp.tmp

2011-05-03 01:20:29 692736 ----a-w- c:\windows\system32\hccoin32.exe

2011-05-03 01:20:29 155648 ----a-w- c:\windows\system32\LFCMP10N32.dll

2011-05-03 01:20:28 692736 ----a-w- c:\windows\system32\ipxwan32.exe

.

==================== Find3M ====================

.

2011-05-21 12:36:32 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-21 12:36:32 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-03-10 23:41:27 775 ----a-w- C:\cleanup.bat

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

.

============= FINISH: 15:21:07.71 ===============

And my DDS (Attach.txt)

attach.zip

I appreciate the help.


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Please do not delete anything unless instructed to.

1. Launch Notepad (Start > All Programs > Accessories), and copy/paste all the quoted REGEDIT text below into it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

2. Save this text as fixme.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

3. Double-click on fixme.reg. When it asks you to merge the information to the registry click Yes.

4. Empty the Recycle Bin.

Reboot and "copy/paste" a new MBAM log file into this thread.

Also please describe how your computer behaves at the moment.


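As an added triage example for this thread (not a tool from the forum, from DDS or from Malwarebytes), the script below parses the AppInit_DLLs line, the SERVICES / DRIVERS section and the Created Last 30 section of a DDS log and cross-references them, flagging load points whose binaries appeared in the same window as the traces MBAM keeps quarantining: the kind of persistence that re-creates files a quick scan has already deleted. The sample log is constructed from lines in Miguel's DDS.txt, with one benign service kept as a control.

```python
"""DDS log triage: added example for this thread, not a tool from the forum,
from DDS or from Malwarebytes. It cross-references three DDS sections:
  Pseudo HJT Report   -> AppInit_DLLs: <dll>
  SERVICES / DRIVERS  -> R2 name;Display;<path> [date size]
  Created Last 30     -> YYYY-MM-DD hh:mm:ss <size> <attrs> <path>"""
import re

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.+?)\s*$", re.IGNORECASE)
SERVICE_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S{8})\s+(.+?)\s*$")
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: lines copied in shape from the DDS.txt in the thread,
# with one benign service kept as a control.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
AppInit_DLLs: c:\windows\system32\LFCMP10N32.dll
.
============= SERVICES / DRIVERS ===============
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-11-22 91456]
R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\ipxwan32.exe [2011-5-2 692736]
.
=============== Created Last 30 ================
2011-05-23 23:07:06 -------- d-----w- c:\program files\IObit
2011-05-03 01:20:29 692736 ----a-w- c:\windows\system32\hccoin32.exe
2011-05-03 01:20:29 155648 ----a-w- c:\windows\system32\LFCMP10N32.dll
2011-05-03 01:20:28 692736 ----a-w- c:\windows\system32\ipxwan32.exe
==================== Find3M ====================
"""


def split_sections(text):
    """Map each '==== Title ====' header to the non-empty lines under it."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # DDS pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse(text):
    """Return (appinit_dlls, services, created) pulled from the log text."""
    sec = split_sections(text)
    # Windows allows several DLLs here separated by spaces or commas; the
    # thread's log lists one, so the value is kept whole.
    appinit = [m.group(1).lower() for m in
               map(APPINIT_RE.match, sec.get("PSEUDO HJT REPORT", [])) if m]
    services = []
    for m in map(SERVICE_RE.match, sec.get("SERVICES / DRIVERS", [])):
        if m:   # lines with '-->' or '[?]' (unresolved paths) do not match
            state, name, display, path, _date, size = m.groups()
            services.append({"state": state, "name": name, "size": int(size),
                             "display": display.strip(), "path": path.lower()})
    created = {}
    for m in map(CREATED_RE.match, sec.get("CREATED LAST 30", [])):
        if m and m.group(3).isdigit():   # skip directories ('--------')
            created[m.group(5).lower()] = {"date": m.group(1),
                                           "size": int(m.group(3))}
    return appinit, services, created


def triage(text):
    """Return findings as dicts with 'kind', 'path' and 'why'."""
    appinit, services, created = parse(text)
    findings, sizes = [], {}
    for dll in appinit:
        why = "AppInit_DLLs loads it into every process that maps user32.dll"
        if dll in created:
            why += "; file created %s" % created[dll]["date"]
        findings.append({"kind": "appinit", "path": dll, "why": why})
    for svc in services:
        p = svc["path"]
        # A service binary that is new and sits directly in system32 (not
        # under drivers\) deserves a look before anything else is deleted.
        if p in created and p.startswith(SYSTEM32) \
                and not p.startswith(SYSTEM32 + "drivers\\"):
            findings.append({"kind": "service", "path": p, "why":
                "service %r (%s): %d-byte binary created %s in system32" %
                (svc["name"], svc["display"], svc["size"], created[p]["date"])})
            sizes.setdefault(svc["size"], p)
    for path, info in created.items():
        twin = sizes.get(info["size"])
        if twin and twin != path:   # same size, same window: likely a sibling
            findings.append({"kind": "sibling", "path": path, "why":
                "same size (%d bytes) as %s" % (info["size"], twin)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s: %s" % (f["kind"], f["path"], f["why"]))
```

Run against the full DDS.txt, the same three rules also pick up hccoin32.exe, which is never named by MBAM but shares the size and creation minute of the service binary.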

I appreciate your help, but when I try to merge the fixme.reg file it gives me an error saying I can't import the file. Also, yesterday around 8 pm my computer was attacked by another virus and I removed it. But after that I rebooted and got a blue screen saying something about iaStor.sys, and now I'm forced to use safe mode. I am currently in safe mode.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Here is the log file for combofix.

ComboFix 11-06-02.02 - Admisterator 06/02/2011 16:52:07.9.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.600 [GMT -7:00]

Running from: c:\documents and settings\Admisterator\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

.

((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))

.

.

2011-06-02 21:32 . 2011-02-28 15:09 53248 ----a-w- c:\windows\system32\CSVer.dll

2011-06-02 21:31 . 2011-06-02 21:31 -------- d-----w- C:\Intel

2011-06-02 21:22 . 2011-06-02 21:22 -------- d-----w- c:\documents and settings\Admisterator\Application Data\SystemRequirementsLab

2011-06-02 21:18 . 2011-06-02 21:18 66048 ---ha-w- c:\windows\system32\calctson.dll

2011-06-02 03:51 . 2011-06-02 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit

2011-06-01 22:30 . 2011-06-01 22:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-06-01 22:30 . 2011-06-01 22:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-05-30 23:41 . 2011-05-30 23:41 -------- d-----w- c:\documents and settings\Admisterator\Local Settings\Application Data\Xara

2011-05-29 20:53 . 2011-05-29 20:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-05-29 20:26 . 2011-05-29 20:26 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-05-29 20:26 . 2011-05-29 20:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\vmntemplate

2011-05-29 08:19 . 2011-05-29 08:19 -------- d-----w- c:\documents and settings\Admisterator\Application Data\vmntemplate

2011-05-29 07:34 . 2011-05-30 20:47 -------- d-----w- c:\documents and settings\Admisterator\Application Data\whitesmoketoolbar

2011-05-29 07:15 . 2011-05-29 20:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar

2011-05-29 07:15 . 2011-05-29 07:15 -------- d-----w- c:\program files\whitesmoketoolbar

2011-05-26 05:09 . 2011-05-26 05:09 -------- d-----w- c:\documents and settings\Admisterator\Application Data\Notepad++

2011-05-26 03:57 . 2011-05-26 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-05-25 23:45 . 2011-05-25 23:45 -------- d-sh--w- c:\documents and settings\Admisterator\IECompatCache

2011-05-25 21:57 . 2011-05-25 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon

2011-05-23 23:09 . 2011-05-23 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-05-23 23:07 . 2011-05-23 23:07 -------- d-----w- c:\documents and settings\Admisterator\Application Data\IObit

2011-05-23 23:07 . 2011-05-23 23:14 -------- d-----w- c:\program files\IObit

2011-05-22 23:50 . 2011-05-23 03:02 -------- d-----w- c:\documents and settings\Admisterator\Application Data\Skype

2011-05-22 09:30 . 2011-05-22 09:41 -------- d-----w- c:\documents and settings\Admisterator\Application Data\TeamViewer

2011-05-21 12:37 . 2011-05-21 12:37 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll

2011-05-21 12:36 . 2011-05-21 12:36 -------- d-----w- c:\program files\Common Files\xing shared

2011-05-21 12:36 . 2011-05-21 12:36 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll

2011-05-21 12:36 . 2011-05-21 12:36 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll

2011-05-21 12:36 . 2011-05-21 12:36 -------- d-----w- c:\program files\Real

2011-05-21 11:53 . 2011-05-21 11:53 -------- d-----w- c:\program files\AhnLab

2011-05-21 11:53 . 2011-05-21 11:53 -------- d-----w- c:\documents and settings\Admisterator\AppData

2011-05-19 21:09 . 2011-05-19 21:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-10 06:29 . 2011-05-10 06:29 -------- d-----w- c:\documents and settings\Admisterator\Application Data\AdobeUM

2011-05-05 06:21 . 2011-05-05 06:21 -------- d-----w- c:\documents and settings\Admisterator\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 16:11 . 2011-01-01 08:07 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 16:11 . 2011-01-01 08:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-21 12:36 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-21 12:36 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-03 21:05 . 2011-05-03 21:05 0 ---ha-w- c:\documents and settings\Admisterator\simpaytrtp.tmp

2011-05-03 01:20 . 2011-05-03 01:20 155648 ----a-w- c:\windows\system32\LFCMP10N32.dll

2011-05-03 01:20 . 2011-05-03 01:20 692736 ----a-w- c:\windows\system32\hccoin32.exe

2011-05-03 01:20 . 2011-05-03 01:20 692736 ----a-w- c:\windows\system32\ipxwan32.exe

2011-03-10 23:41 . 2011-03-10 23:35 775 ----a-w- C:\cleanup.bat

2011-03-07 05:33 . 2006-06-13 18:07 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-30 17:05 . 2011-03-30 21:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-26_07.17.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-02 23:50 . 2011-06-02 23:50 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat

- 2006-06-13 11:03 . 2008-04-14 00:12 74240 c:\windows\system32\usbui.dll

+ 2006-06-13 11:03 . 2008-04-13 23:12 74240 c:\windows\system32\usbui.dll

+ 2011-06-02 21:33 . 2008-04-13 17:36 68224 c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\pci.sys

+ 2011-06-02 21:32 . 2008-04-13 23:12 74240 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbui.dll

- 2006-06-13 19:39 . 2004-08-04 07:56 74240 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbui.dll

+ 2011-06-02 21:32 . 2008-04-13 17:45 59520 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbhub.sys

+ 2011-06-02 21:32 . 2008-04-13 18:45 30208 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbehci.sys

+ 2011-06-02 21:32 . 2008-04-13 23:12 74240 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbui.dll

- 2006-06-13 19:39 . 2004-08-04 07:56 74240 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbui.dll

+ 2011-06-02 21:32 . 2008-04-13 17:45 20608 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbuhci.sys

+ 2011-06-02 21:32 . 2008-04-13 17:45 59520 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbhub.sys

- 2006-06-13 19:39 . 2004-08-04 07:56 74240 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbui.dll

+ 2011-06-02 21:32 . 2008-04-13 23:12 74240 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbui.dll

+ 2011-06-02 21:32 . 2008-04-13 17:45 20608 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbuhci.sys

+ 2011-06-02 21:32 . 2008-04-13 17:45 59520 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbhub.sys

- 2006-06-13 19:39 . 2004-08-04 00:56 74240 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbui.dll

+ 2011-06-02 21:32 . 2008-04-13 23:12 74240 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbui.dll

+ 2011-06-02 21:32 . 2008-04-13 17:45 20608 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbuhci.sys

+ 2011-06-02 21:32 . 2008-04-13 17:45 59520 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbhub.sys

+ 2011-06-02 21:33 . 2008-04-13 18:36 37248 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\isapnp.sys

+ 2011-06-02 21:33 . 2008-04-13 17:36 68224 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\pci.sys

- 2006-06-13 19:39 . 2004-08-04 06:07 68224 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\pci.sys

- 2006-06-13 19:39 . 2004-08-04 06:07 68224 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\pci.sys

+ 2011-06-02 21:33 . 2008-04-13 17:36 68224 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\pci.sys

+ 2011-06-02 21:33 . 2008-04-13 17:36 68224 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\pci.sys

- 2006-06-13 19:39 . 2004-08-04 06:07 68224 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\pci.sys

+ 2011-06-02 21:32 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbui.dll

+ 2011-06-02 21:32 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbuhci.sys

+ 2011-06-02 21:32 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbhub.sys

+ 2011-06-02 21:32 . 2008-04-13 18:36 68224 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\pci.sys

+ 2004-08-03 23:08 . 2008-04-13 17:45 20608 c:\windows\system32\drivers\usbuhci.sys

- 2004-08-03 23:08 . 2008-04-13 18:45 20608 c:\windows\system32\drivers\usbuhci.sys

- 2004-08-03 23:08 . 2008-04-13 18:45 59520 c:\windows\system32\drivers\usbhub.sys

+ 2004-08-03 23:08 . 2008-04-13 17:45 59520 c:\windows\system32\drivers\usbhub.sys

- 2004-08-03 23:08 . 2008-04-13 18:45 30208 c:\windows\system32\drivers\usbehci.sys

+ 2004-08-03 23:08 . 2008-04-13 17:45 30208 c:\windows\system32\drivers\usbehci.sys

- 2004-08-03 23:07 . 2008-04-13 18:36 68224 c:\windows\system32\drivers\pci.sys

+ 2004-08-03 23:07 . 2008-04-13 17:36 68224 c:\windows\system32\drivers\pci.sys

+ 2001-08-17 13:58 . 2008-04-13 17:36 37248 c:\windows\system32\drivers\isapnp.sys

- 2001-08-17 13:58 . 2008-04-13 18:36 37248 c:\windows\system32\drivers\isapnp.sys

- 2006-06-13 18:11 . 2011-02-26 03:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2006-06-13 18:11 . 2011-05-29 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-05-21 00:20 . 2011-05-27 20:29 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2010-05-21 00:20 . 2011-05-25 23:47 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2010-05-21 00:20 . 2011-05-25 23:47 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2010-05-21 00:20 . 2011-05-27 20:29 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2010-05-21 00:20 . 2011-05-25 23:47 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2010-05-21 00:20 . 2011-05-27 20:29 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2010-05-21 00:20 . 2011-05-27 20:29 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2010-05-21 00:20 . 2011-05-25 23:47 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2011-06-02 21:32 . 2008-04-14 00:11 7168 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\hccoin.dll

- 2010-05-21 00:20 . 2011-05-25 23:47 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2010-05-21 00:20 . 2011-05-27 20:29 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2011-06-02 21:32 . 2008-04-13 17:45 143872 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbport.sys

+ 2011-06-02 21:32 . 2008-04-13 17:45 143872 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbport.sys

+ 2011-06-02 21:32 . 2008-04-13 17:45 143872 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbport.sys

+ 2011-06-02 21:32 . 2008-04-13 17:45 143872 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbport.sys

+ 2011-06-02 21:32 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbport.sys

- 2004-08-03 23:08 . 2008-04-13 18:45 143872 c:\windows\system32\drivers\usbport.sys

+ 2004-08-03 23:08 . 2008-04-13 17:45 143872 c:\windows\system32\drivers\usbport.sys

+ 2006-06-13 17:56 . 2007-03-21 19:58 304920 c:\windows\system32\drivers\iastor.sys

+ 2011-03-30 22:00 . 2011-05-30 12:08 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

- 2011-03-30 22:00 . 2011-03-30 22:26 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

+ 2011-06-02 03:22 . 2011-05-30 20:34 191070 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

+ 2010-11-18 00:21 . 2011-06-01 22:30 380928 c:\windows\Installer\{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}\iTunesIco.exe

- 2010-11-18 00:21 . 2011-03-28 03:21 380928 c:\windows\Installer\{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}\iTunesIco.exe

- 2010-05-21 00:20 . 2011-05-25 23:47 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2010-05-21 00:20 . 2011-05-27 20:29 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2010-05-21 00:20 . 2011-05-25 23:47 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2010-05-21 00:20 . 2011-05-27 20:29 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2010-05-21 00:20 . 2011-05-25 23:47 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2010-05-21 00:20 . 2011-05-27 20:29 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2010-05-21 00:20 . 2011-05-25 23:47 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2010-05-21 00:20 . 2011-05-27 20:29 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2010-05-21 00:20 . 2011-05-25 23:47 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2010-05-21 00:20 . 2011-05-27 20:29 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2011-04-27 18:14 . 2011-04-27 18:14 5520384 c:\windows\Installer\227a7.msp

+ 2011-04-29 20:04 . 2011-04-29 20:04 5053440 c:\windows\Installer\22794.msp

+ 2010-06-01 18:47 . 2011-05-27 20:29 42829768 c:\windows\system32\MRT.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4709dfb-a47d-451c-957d-e78d25263cb8}]

2011-04-20 15:34 81920 ----a-w- c:\program files\whitesmoketoolbar\vmntemplateX.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e4709dfb-a47d-451c-957d-e78d25263cb8}"= "c:\program files\whitesmoketoolbar\vmntemplateX.dll" [2011-04-20 81920]

.

[HKEY_CLASSES_ROOT\clsid\{e4709dfb-a47d-451c-957d-e78d25263cb8}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-18 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-18 7561216]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-01-26 212992]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]

"ExecAfterFirstBoot"="c:\windows\SONYSYS\EFlyer\ExecAfterFirstBoot.exe" [2005-03-16 204800]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2006-03-15 40960]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]

"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]

"HostManager"="c:\program files\Common Files\AOL\1274402213\ee\AOLHostManager.exe" [2005-11-04 159832]

"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-21 273544]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\LFCMP10N32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

backup=c:\windows\pss\FrostWire On Startup.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=

"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\RKMediaCenter.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\WINDOWS\\system32\\ipxwan32.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:ooVoo TCP port 443

"443:UDP"= 443:UDP:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

"57314:TCP"= 57314:TCP:Pando Media Booster

"57314:UDP"= 57314:UDP:Pando Media Booster

"1031:TCP"= 1031:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [5/23/2011 4:07 PM 352656]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/1/2011 1:07 AM 366640]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [11/22/2010 9:03 PM 91456]

R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\ipxwan32.exe [5/2/2011 6:20 PM 692736]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/1/2011 1:07 AM 22712]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]

R3 slim;Sony Lucid Integrated Mpeg encoder;c:\windows\system32\drivers\slim.sys [6/13/2006 10:56 AM 698496]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [6/13/2006 10:56 AM 226304]

S0 fsboyimv;fsboyimv;c:\windows\system32\drivers\dfynv.sys --> c:\windows\system32\drivers\dfynv.sys [?]

S0 hnmqaflg;hnmqaflg;c:\windows\system32\drivers\mrjdatj.sys --> c:\windows\system32\drivers\mrjdatj.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [11/22/2010 9:19 PM 25856]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/1/2011 1:07 AM 39984]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11/22/2010 9:19 PM 42752]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [6/13/2006 10:56 AM 29184]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-VALUED-A1EE0837-Administrator.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-02 11:44]

.

2011-05-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-VALUED-A1EE0837-Admisterator.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-02 11:44]

.

2011-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

.

2011-05-23 c:\windows\Tasks\ASC4_AutoCare.job

- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-05-23 23:54]

.

2011-06-02 c:\windows\Tasks\ASC4_AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-05-23 23:54]

.

2011-06-02 c:\windows\Tasks\ASC4_AutoUpdate.job

- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-05-23 23:54]

.

2011-06-02 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-23 23:54]

.

2011-06-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2195036120-3092630378-280426032-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-05-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2195036120-3092630378-280426032-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.sony.com/vaiopeople

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Admisterator\Application Data\Mozilla\Firefox\Profiles\tmor1fig.default\

FF - prefs.js: network.proxy.type - 0

user_pref(security.warn_viewing_mixed,false);

user_pref(security.warn_viewing_mixed.show_once,false);

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

user_pref(security.warn_submit_insecure,false);

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-02 17:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,97,e1,e8,9d,ce,74,4f,93,a1,08,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,97,e1,e8,9d,ce,74,4f,93,a1,08,\

.

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]

@DACL=(02 0000)

@SACL=

"WinSock_Registry_Version"="2.0"

"Current_NameSpace_Catalog"="NameSpace_Catalog5"

"Current_Protocol_Catalog"="Protocol_Catalog9"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1280)

c:\windows\system32\WININET.dll

c:\windows\system32\VESWinlogon.dll

.

- - - - - - - > 'lsass.exe'(1344)

c:\windows\system32\WININET.dll

.

Completion time: 2011-06-02 17:08:18

ComboFix-quarantined-files.txt 2011-06-03 00:08

ComboFix2.txt 2011-05-31 00:18

ComboFix3.txt 2011-05-30 19:10

ComboFix4.txt 2011-05-29 09:09

ComboFix5.txt 2011-06-02 04:36

.

Pre-Run: 137,824,575,488 bytes free

Post-Run: 137,971,601,408 bytes free

.

- - End Of File - - 223F7ACF9B8987BBEE05DC73FD1270CB

I am able to use my laptop normally. But at times when I'm trying to get to a website it redirects me. I appreciate the help and waiting for further instructions.


***UPDATE***

This morning I was able to merge the fixme.reg file. After that I emptied my recycle bin and rebooted. It started up normally but then the blue screen came up again. I'm currently in safe mode again & here is my latest MBAM log file:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6752

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

6/3/2011 6:07:32 AM

mbam-log-2011-06-03 (06-07-32).txt

Scan type: Quick scan

Objects scanned: 168348

Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\02000000d2b2c03e1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000d2b2c03e1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000d2b2c03e1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000d2b2c03e1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.


Use add/remove programs and uninstall:

whitesmoketoolbar

IObit

Next:

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\LFCMP10N32.dll
c:\documents and settings\Admisterator\simpaytrtp.tmp
c:\windows\system32\hccoin32.exe
c:\windows\system32\ipxwan32.exe


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Sorry for the delay, but here it is. I had difficulties the first couple of tries; the blue screen kept messing me up.

ComboFix 11-06-04.02 - Admisterator 06/03/2011 15:25:01.14.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.621 [GMT -7:00]

Running from: c:\documents and settings\Admisterator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Admisterator\Desktop\CFScript.txt

.

FILE ::

"c:\documents and settings\Admisterator\simpaytrtp.tmp"

"c:\windows\system32\hccoin32.exe"

"c:\windows\system32\ipxwan32.exe"

"c:\windows\system32\LFCMP10N32.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NtLmSsp32

-------\Service_NtLmSsp32

.

.

((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))

.

.

2011-06-03 01:25 . 2011-06-03 01:27 -------- d-----w- c:\program files\iPod

2011-06-02 21:32 . 2011-02-28 15:09 53248 ----a-w- c:\windows\system32\CSVer.dll

2011-06-02 21:31 . 2011-06-02 21:31 -------- d-----w- C:\Intel

2011-06-02 21:22 . 2011-06-02 21:22 -------- d-----w- c:\documents and settings\Admisterator\Application Data\SystemRequirementsLab

2011-06-02 21:18 . 2011-06-02 21:18 66048 ---ha-w- c:\windows\system32\calctson.dll

2011-06-02 03:51 . 2011-06-02 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit

2011-06-01 22:30 . 2011-06-01 22:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-06-01 22:30 . 2011-06-01 22:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-05-30 23:41 . 2011-05-30 23:41 -------- d-----w- c:\documents and settings\Admisterator\Local Settings\Application Data\Xara

2011-05-29 20:53 . 2011-05-29 20:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-05-29 20:26 . 2011-05-29 20:26 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-05-29 20:26 . 2011-05-29 20:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\vmntemplate

2011-05-29 08:19 . 2011-05-29 08:19 -------- d-----w- c:\documents and settings\Admisterator\Application Data\vmntemplate

2011-05-29 07:15 . 2011-05-29 20:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar

2011-05-26 05:09 . 2011-05-26 05:09 -------- d-----w- c:\documents and settings\Admisterator\Application Data\Notepad++

2011-05-26 03:57 . 2011-05-26 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-05-25 23:45 . 2011-05-25 23:45 -------- d-sh--w- c:\documents and settings\Admisterator\IECompatCache

2011-05-25 21:57 . 2011-05-25 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon

2011-05-23 23:09 . 2011-05-23 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-05-23 23:07 . 2011-05-23 23:07 -------- d-----w- c:\documents and settings\Admisterator\Application Data\IObit

2011-05-23 23:07 . 2011-05-23 23:14 -------- d-----w- c:\program files\IObit

2011-05-22 23:50 . 2011-05-23 03:02 -------- d-----w- c:\documents and settings\Admisterator\Application Data\Skype

2011-05-22 09:30 . 2011-05-22 09:41 -------- d-----w- c:\documents and settings\Admisterator\Application Data\TeamViewer

2011-05-21 12:37 . 2011-05-21 12:37 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll

2011-05-21 12:36 . 2011-05-21 12:36 -------- d-----w- c:\program files\Common Files\xing shared

2011-05-21 12:36 . 2011-05-21 12:36 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll

2011-05-21 12:36 . 2011-05-21 12:36 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll

2011-05-21 12:36 . 2011-05-21 12:36 -------- d-----w- c:\program files\Real

2011-05-21 11:53 . 2011-05-21 11:53 -------- d-----w- c:\program files\AhnLab

2011-05-21 11:53 . 2011-05-21 11:53 -------- d-----w- c:\documents and settings\Admisterator\AppData

2011-05-19 21:09 . 2011-05-19 21:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-10 06:29 . 2011-05-10 06:29 -------- d-----w- c:\documents and settings\Admisterator\Application Data\AdobeUM

2011-05-05 06:21 . 2011-05-05 06:21 -------- d-----w- c:\documents and settings\Admisterator\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 16:11 . 2011-01-01 08:07 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 16:11 . 2011-01-01 08:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-21 12:36 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-21 12:36 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-03-10 23:41 . 2011-03-10 23:35 775 ----a-w- C:\cleanup.bat

2011-03-07 05:33 . 2006-06-13 18:07 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-30 17:05 . 2011-03-30 21:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-06-03_00.04.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-06-13 17:53 . 2004-04-12 12:00 88064 c:\windows\sysprep\sysprep.exe

+ 2006-06-13 17:53 . 2004-04-12 12:00 30208 c:\windows\sysprep\setupcl.exe

+ 2006-06-13 17:56 . 2004-01-14 01:37 36864 c:\windows\sysprep\puma.exe

+ 2006-06-13 17:53 . 2004-04-12 12:00 16384 c:\windows\sysprep\netcfg.exe

+ 2006-06-13 17:53 . 2004-04-12 12:00 141312 c:\windows\sysprep\factory.exe

+ 2006-06-13 17:56 . 2003-04-13 05:02 172133 c:\windows\sysprep\deltimer.exe

+ 2006-06-13 17:56 . 2003-04-09 22:12 11871576 c:\windows\sysprep\I386\$OEM$\DX9NTopk.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-18 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-18 7561216]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-01-26 212992]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]

"ExecAfterFirstBoot"="c:\windows\SONYSYS\EFlyer\ExecAfterFirstBoot.exe" [2005-03-16 204800]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2006-03-15 40960]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]

"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]

"HostManager"="c:\program files\Common Files\AOL\1274402213\ee\AOLHostManager.exe" [2005-11-04 159832]

"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-21 273544]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

backup=c:\windows\pss\FrostWire On Startup.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=

"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\RKMediaCenter.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:ooVoo TCP port 443

"443:UDP"= 443:UDP:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

"57314:TCP"= 57314:TCP:Pando Media Booster

"57314:UDP"= 57314:UDP:Pando Media Booster

"1031:TCP"= 1031:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

S0 fsboyimv;fsboyimv;c:\windows\system32\drivers\dfynv.sys --> c:\windows\system32\drivers\dfynv.sys [?]

S0 hnmqaflg;hnmqaflg;c:\windows\system32\drivers\mrjdatj.sys --> c:\windows\system32\drivers\mrjdatj.sys [?]

S0 jiahkl;jiahkl;c:\windows\system32\drivers\hbnxaunn.sys --> c:\windows\system32\drivers\hbnxaunn.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/1/2011 1:07 AM 366640]

S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [11/22/2010 9:03 PM 91456]

S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [11/22/2010 9:19 PM 25856]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/1/2011 1:07 AM 22712]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/1/2011 1:07 AM 39984]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11/22/2010 9:19 PM 42752]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]

S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]

S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]

S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]

S3 slim;Sony Lucid Integrated Mpeg encoder;c:\windows\system32\drivers\slim.sys [6/13/2006 10:56 AM 698496]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [6/13/2006 10:56 AM 29184]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]

S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [6/13/2006 10:56 AM 226304]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MDMXSDK

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-VALUED-A1EE0837-Administrator.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-02 11:44]

.

2011-05-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-VALUED-A1EE0837-Admisterator.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-02 11:44]

.

2011-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

.

2011-06-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2195036120-3092630378-280426032-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-05-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2195036120-3092630378-280426032-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.sony.com/vaiopeople

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Admisterator\Application Data\Mozilla\Firefox\Profiles\tmor1fig.default\

FF - prefs.js: network.proxy.type - 0

user_pref(security.warn_viewing_mixed,false);

user_pref(security.warn_viewing_mixed.show_once,false);

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

user_pref(security.warn_submit_insecure,false);

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-03 15:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,97,e1,e8,9d,ce,74,4f,93,a1,08,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,97,e1,e8,9d,ce,74,4f,93,a1,08,\

.

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]

@DACL=(02 0000)

@SACL=

"WinSock_Registry_Version"="2.0"

"Current_NameSpace_Catalog"="NameSpace_Catalog5"

"Current_Protocol_Catalog"="Protocol_Catalog9"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(884)

c:\windows\system32\WININET.dll

c:\windows\system32\VESWinlogon.dll

.

- - - - - - - > 'lsass.exe'(944)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(460)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

.

Completion time: 2011-06-03 15:41:45 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-03 22:41

ComboFix2.txt 2011-06-03 02:19

ComboFix3.txt 2011-06-03 01:19

ComboFix4.txt 2011-06-03 00:08

ComboFix5.txt 2011-06-03 21:07

.

Pre-Run: 137,908,994,048 bytes free

Post-Run: 138,971,869,184 bytes free

.

- - End Of File - - 5DE0720741837E14F1B803E519AB0196


Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.

Also please describe how your computer behaves at the moment.


Alright, here it is.

2011/06/03 15:58:07.0437 1912 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/06/03 15:58:08.0062 1912 ================================================================================

2011/06/03 15:58:08.0062 1912 SystemInfo:

2011/06/03 15:58:08.0062 1912

2011/06/03 15:58:08.0062 1912 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/03 15:58:08.0062 1912 Product type: Workstation

2011/06/03 15:58:08.0062 1912 ComputerName: VALUED-A1EE0837

2011/06/03 15:58:08.0062 1912 UserName: Admisterator

2011/06/03 15:58:08.0062 1912 Windows directory: C:\WINDOWS

2011/06/03 15:58:08.0062 1912 System windows directory: C:\WINDOWS

2011/06/03 15:58:08.0062 1912 Processor architecture: Intel x86

2011/06/03 15:58:08.0062 1912 Number of processors: 2

2011/06/03 15:58:08.0062 1912 Page size: 0x1000

2011/06/03 15:58:08.0062 1912 Boot type: Safe boot with network

2011/06/03 15:58:08.0062 1912 ================================================================================

2011/06/03 15:58:08.0734 1912 Initialize success

2011/06/03 15:58:19.0656 0796 ================================================================================

2011/06/03 15:58:19.0656 0796 Scan started

2011/06/03 15:58:19.0656 0796 Mode: Manual;

2011/06/03 15:58:19.0656 0796 ================================================================================


2011/06/03 15:58:32.0265 0796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/03 15:58:32.0359 0796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/03 15:58:32.0421 0796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/03 15:58:32.0515 0796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/03 15:58:32.0578 0796 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/03 15:58:32.0656 0796 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/06/03 15:58:32.0781 0796 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/03 15:58:32.0906 0796 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/06/03 15:58:33.0078 0796 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/06/03 15:58:33.0187 0796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/06/03 15:58:33.0281 0796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/06/03 15:58:33.0421 0796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/06/03 15:58:33.0500 0796 Sftfs (14cb193ecd4e71a32446790f9ecf39dd) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys

2011/06/03 15:58:33.0609 0796 Sftplay (1f05637831caf19b069aaf361d720bb9) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys

2011/06/03 15:58:33.0671 0796 Sftredir (423628f17862593d7d43e02187f4c1b5) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys

2011/06/03 15:58:33.0718 0796 Sftvol (258ab73a01fa1b8d1a2a053c6bba5544) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys

2011/06/03 15:58:33.0843 0796 SI3132 (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys

2011/06/03 15:58:33.0890 0796 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys

2011/06/03 15:58:34.0000 0796 SiRemFil (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys

2011/06/03 15:58:34.0062 0796 slim (bf26aea9fc8e09bc1b59134fc11b9ea6) C:\WINDOWS\system32\drivers\slim.sys

2011/06/03 15:58:34.0156 0796 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/06/03 15:58:34.0250 0796 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys

2011/06/03 15:58:34.0343 0796 SonyImgF (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys

2011/06/03 15:58:34.0437 0796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/06/03 15:58:34.0546 0796 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/06/03 15:58:34.0640 0796 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/06/03 15:58:34.0781 0796 STHDA (6b166d929f0e2d78fea1acddc5221f4c) C:\WINDOWS\system32\drivers\sthda.sys

2011/06/03 15:58:34.0890 0796 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/06/03 15:58:34.0953 0796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/06/03 15:58:35.0031 0796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/06/03 15:58:35.0250 0796 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

2011/06/03 15:58:35.0406 0796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/06/03 15:58:35.0562 0796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/06/03 15:58:35.0656 0796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/06/03 15:58:35.0718 0796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/06/03 15:58:35.0765 0796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/06/03 15:58:35.0843 0796 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys

2011/06/03 15:58:35.0984 0796 tosporte (6a404454c6133e749be33892eb6ffa35) C:\WINDOWS\system32\DRIVERS\tosporte.sys

2011/06/03 15:58:36.0046 0796 Tosrfbd (e4901804c4d8d613fa3560de2c2e0261) C:\WINDOWS\system32\Drivers\tosrfbd.sys

2011/06/03 15:58:36.0109 0796 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

2011/06/03 15:58:36.0187 0796 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

2011/06/03 15:58:36.0250 0796 Tosrfhid (7726332391d8fca1a491a17f592fd6b3) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

2011/06/03 15:58:36.0312 0796 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

2011/06/03 15:58:36.0375 0796 Tosrfusb (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys

2011/06/03 15:58:36.0468 0796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/06/03 15:58:36.0578 0796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/06/03 15:58:36.0671 0796 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/06/03 15:58:36.0734 0796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/06/03 15:58:36.0796 0796 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/06/03 15:58:36.0843 0796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/06/03 15:58:36.0906 0796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/06/03 15:58:36.0968 0796 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/06/03 15:58:37.0031 0796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/06/03 15:58:37.0218 0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/06/03 15:58:37.0359 0796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/06/03 15:58:37.0546 0796 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/06/03 15:58:37.0656 0796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/03 15:58:37.0718 0796 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/06/03 15:58:37.0828 0796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/06/03 15:58:37.0921 0796 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/06/03 15:58:38.0234 0796 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/06/03 15:58:38.0343 0796 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/06/03 15:58:38.0390 0796 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/06/03 15:58:38.0562 0796 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/06/03 15:58:38.0578 0796 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/06/03 15:58:38.0593 0796 ================================================================================

2011/06/03 15:58:38.0593 0796 Scan finished

2011/06/03 15:58:38.0593 0796 ================================================================================

2011/06/03 15:58:38.0640 0480 Detected object count: 1

2011/06/03 15:58:38.0640 0480 Actual detected object count: 1

2011/06/03 15:58:58.0984 0480 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/06/03 15:58:58.0984 0480 \Device\Harddisk0\DR0 - ok

2011/06/03 15:58:58.0984 0480 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/06/03 15:59:59.0125 1640 Deinitialize success


I rebooted and everything is working perfectly & there is no blue screen :]. Thanks for all your help I really appreciate it. Is there anything else you might want me to do?


Delete TDSSKiller

Next:

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START, then Search
  • Now type ComboFix /Uninstall in the search box and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

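The Internet Explorer hardening steps in the post above are applied by hand through the Internet Options dialog. As an added example, not code from the thread or from the helper, here is a PowerShell script that audits the same six settings by reading the per-user Internet zone (zone 3) from the registry and reporting which ones differ from the recommended Prompt/Disable values. It assumes the standard option-ID-to-setting mapping that Internet Explorer uses under its Zones key (0 = Enable, 1 = Prompt, 3 = Disable); the function name and the `-Fix` switch are this example's own.

```powershell
# Added example (not from the forum thread): audit the Internet zone settings that
# the post above changes by hand. Reads the per-user Internet zone (zone 3) and
# reports any value that differs from the recommended state.
# Assumption: the option IDs below are the standard Internet Explorer zone-setting
# registry value names; their data is 0 = Enable, 1 = Prompt, 3 = Disable.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values, matching steps 5-10 of the post above.
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = 1 }
}

$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneHardening {
    param([switch]$Fix)   # report only by default; -Fix writes the recommended values

    if (-not (Test-Path $zonePath)) {
        Write-Warning "Zone key not found: $zonePath"
        return
    }
    $current = Get-ItemProperty -Path $zonePath

    foreach ($id in ($recommended.Keys | Sort-Object)) {
        $want = $recommended[$id].Value
        $have = $current.$id          # $null when the value is absent (IE default applies)
        $haveLabel = if ($null -eq $have) { 'not set' } else { $labels[[int]$have] }
        if ($null -eq $haveLabel) { $haveLabel = "unknown ($have)" }

        if ($have -eq $want) {
            Write-Output ("OK       {0,-60} {1}" -f $recommended[$id].Name, $labels[$want])
        } else {
            Write-Output ("MISMATCH {0,-60} is {1}, recommended {2}" -f
                          $recommended[$id].Name, $haveLabel, $labels[$want])
            if ($Fix) {
                Set-ItemProperty -Path $zonePath -Name $id -Value $want -Type DWord
            }
        }
    }
}

Test-InternetZoneHardening          # add -Fix to apply the recommended values
```

Run it without `-Fix` first to see the current state; the output lists each setting as OK or MISMATCH. Two caveats: the script reads only the current user's zone key, so if the machine is domain-managed and the Security_HKLM_only policy is in force the effective values live under HKLM instead, and on Windows XP it needs PowerShell installed separately (the ActiveX options it checks are the ones the post calls out, not the whole zone).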
