zResku

Members
  • Posts

    10

About zResku

  • Birthday 09/25/1994

Profile Information

  • Location
    Las Vegas
  • Interests
    Video games, computer coding
  1. Thanks again for all your help. I'm glad you helped me :].
  2. I rebooted and everything is working perfectly & there is no blue screen :]. Thanks for all your help, I really appreciate it. Is there anything else you might want me to do?
  3. Wait, do you want me to let it reboot normally or reboot back into safe mode?
  4. Alright, here it is.
  5. Sorry for the delay, but here it is. I had difficulties the first couple of tries; the blue screen kept messing me up.
2011-05-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-VALUED-A1EE0837-Admisterator.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-02 11:44] . 2011-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50] . 2011-06-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . 2011-06-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2195036120-3092630378-280426032-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . 2011-05-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . 2011-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2195036120-3092630378-280426032-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Admisterator\Application Data\Mozilla\Firefox\Profiles\tmor1fig.default\ FF - prefs.js: network.proxy.type - 0 user_pref(security.warn_viewing_mixed,false); user_pref(security.warn_viewing_mixed.show_once,false); FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false user_pref(security.warn_submit_insecure,false); FF - user.js: security.warn_submit_insecure.show_once - false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-03 15:36 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . 
scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,97,e1,e8,9d,ce,74,4f,93,a1,08,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,97,e1,e8,9d,ce,74,4f,93,a1,08,\ . [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters] @DACL=(02 0000) @SACL= "WinSock_Registry_Version"="2.0" "Current_NameSpace_Catalog"="NameSpace_Catalog5" "Current_Protocol_Catalog"="Protocol_Catalog9" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(884) c:\windows\system32\WININET.dll c:\windows\system32\VESWinlogon.dll . - - - - - - - > 'lsass.exe'(944) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(460) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll . Completion time: 2011-06-03 15:41:45 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-03 22:41 ComboFix2.txt 2011-06-03 02:19 ComboFix3.txt 2011-06-03 01:19 ComboFix4.txt 2011-06-03 00:08 ComboFix5.txt 2011-06-03 21:07 . Pre-Run: 137,908,994,048 bytes free Post-Run: 138,971,869,184 bytes free . - - End Of File - - 5DE0720741837E14F1B803E519AB0196
6. ***UPDATE*** This morning I was able to merge the fixme.reg file. After that I emptied my recycle bin and rebooted. It started up normally, but then the blue screen came up again. I'm currently in safe mode again & here is my latest MBAM log file:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6752

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/3/2011 6:07:32 AM
mbam-log-2011-06-03 (06-07-32).txt

Scan type: Quick scan
Objects scanned: 168348
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\02000000d2b2c03e1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000d2b2c03e1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000d2b2c03e1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000d2b2c03e1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
7. Here is the log file for combofix.

ComboFix 11-06-02.02 - Admisterator 06/02/2011 16:52:07.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.600 [GMT -7:00]
Running from: c:\documents and settings\Admisterator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-02 21:32 . 2011-02-28 15:09 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-02 21:31 . 2011-06-02 21:31 -------- d-----w- C:\Intel
2011-06-02 21:22 . 2011-06-02 21:22 -------- d-----w- c:\documents and settings\Admisterator\Application Data\SystemRequirementsLab
2011-06-02 21:18 . 2011-06-02 21:18 66048 ---ha-w- c:\windows\system32\calctson.dll
2011-06-02 03:51 . 2011-06-02 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2011-06-01 22:30 . 2011-06-01 22:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-01 22:30 . 2011-06-01 22:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-05-30 23:41 . 2011-05-30 23:41 -------- d-----w- c:\documents and settings\Admisterator\Local Settings\Application Data\Xara
2011-05-29 20:53 . 2011-05-29 20:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-29 20:26 . 2011-05-29 20:26 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-05-29 20:26 . 2011-05-29 20:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\vmntemplate
2011-05-29 08:19 . 2011-05-29 08:19 -------- d-----w- c:\documents and settings\Admisterator\Application Data\vmntemplate
2011-05-29 07:34 .
2011-05-30 20:47 -------- d-----w- c:\documents and settings\Admisterator\Application Data\whitesmoketoolbar 2011-05-29 07:15 . 2011-05-29 20:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar 2011-05-29 07:15 . 2011-05-29 07:15 -------- d-----w- c:\program files\whitesmoketoolbar 2011-05-26 05:09 . 2011-05-26 05:09 -------- d-----w- c:\documents and settings\Admisterator\Application Data\Notepad++ 2011-05-26 03:57 . 2011-05-26 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2011-05-25 23:45 . 2011-05-25 23:45 -------- d-sh--w- c:\documents and settings\Admisterator\IECompatCache 2011-05-25 21:57 . 2011-05-25 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon 2011-05-23 23:09 . 2011-05-23 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2011-05-23 23:07 . 2011-05-23 23:07 -------- d-----w- c:\documents and settings\Admisterator\Application Data\IObit 2011-05-23 23:07 . 2011-05-23 23:14 -------- d-----w- c:\program files\IObit 2011-05-22 23:50 . 2011-05-23 03:02 -------- d-----w- c:\documents and settings\Admisterator\Application Data\Skype 2011-05-22 09:30 . 2011-05-22 09:41 -------- d-----w- c:\documents and settings\Admisterator\Application Data\TeamViewer 2011-05-21 12:37 . 2011-05-21 12:37 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll 2011-05-21 12:36 . 2011-05-21 12:36 -------- d-----w- c:\program files\Common Files\xing shared 2011-05-21 12:36 . 2011-05-21 12:36 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll 2011-05-21 12:36 . 2011-05-21 12:36 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll 2011-05-21 12:36 . 2011-05-21 12:36 -------- d-----w- c:\program files\Real 2011-05-21 11:53 . 2011-05-21 11:53 -------- d-----w- c:\program files\AhnLab 2011-05-21 11:53 . 
2011-05-21 11:53 -------- d-----w- c:\documents and settings\Admisterator\AppData 2011-05-19 21:09 . 2011-05-19 21:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-10 06:29 . 2011-05-10 06:29 -------- d-----w- c:\documents and settings\Admisterator\Application Data\AdobeUM 2011-05-05 06:21 . 2011-05-05 06:21 -------- d-----w- c:\documents and settings\Admisterator\Application Data\Malwarebytes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 16:11 . 2011-01-01 08:07 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 16:11 . 2011-01-01 08:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-21 12:36 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-05-21 12:36 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-05-03 21:05 . 2011-05-03 21:05 0 ---ha-w- c:\documents and settings\Admisterator\simpaytrtp.tmp 2011-05-03 01:20 . 2011-05-03 01:20 155648 ----a-w- c:\windows\system32\LFCMP10N32.dll 2011-05-03 01:20 . 2011-05-03 01:20 692736 ----a-w- c:\windows\system32\hccoin32.exe 2011-05-03 01:20 . 2011-05-03 01:20 692736 ----a-w- c:\windows\system32\ipxwan32.exe 2011-03-10 23:41 . 2011-03-10 23:35 775 ----a-w- C:\cleanup.bat 2011-03-07 05:33 . 2006-06-13 18:07 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-30 17:05 . 2011-03-30 21:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-05-26_07.17.05 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-02 23:50 . 2011-06-02 23:50 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat - 2006-06-13 11:03 . 2008-04-14 00:12 74240 c:\windows\system32\usbui.dll + 2006-06-13 11:03 . 2008-04-13 23:12 74240 c:\windows\system32\usbui.dll + 2011-06-02 21:33 . 2008-04-13 17:36 68224 c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\pci.sys + 2011-06-02 21:32 . 
2008-04-13 23:12 74240 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbui.dll - 2006-06-13 19:39 . 2004-08-04 07:56 74240 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbui.dll + 2011-06-02 21:32 . 2008-04-13 17:45 59520 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbhub.sys + 2011-06-02 21:32 . 2008-04-13 18:45 30208 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbehci.sys + 2011-06-02 21:32 . 2008-04-13 23:12 74240 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbui.dll - 2006-06-13 19:39 . 2004-08-04 07:56 74240 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbui.dll + 2011-06-02 21:32 . 2008-04-13 17:45 20608 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbuhci.sys + 2011-06-02 21:32 . 2008-04-13 17:45 59520 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbhub.sys - 2006-06-13 19:39 . 2004-08-04 07:56 74240 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbui.dll + 2011-06-02 21:32 . 2008-04-13 23:12 74240 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbui.dll + 2011-06-02 21:32 . 2008-04-13 17:45 20608 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbuhci.sys + 2011-06-02 21:32 . 2008-04-13 17:45 59520 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbhub.sys - 2006-06-13 19:39 . 2004-08-04 00:56 74240 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbui.dll + 2011-06-02 21:32 . 2008-04-13 23:12 74240 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbui.dll + 2011-06-02 21:32 . 2008-04-13 17:45 20608 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbuhci.sys + 2011-06-02 21:32 . 2008-04-13 17:45 59520 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbhub.sys + 2011-06-02 21:33 . 2008-04-13 18:36 37248 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\isapnp.sys + 2011-06-02 21:33 . 
2008-04-13 17:36 68224 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\pci.sys - 2006-06-13 19:39 . 2004-08-04 06:07 68224 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\pci.sys - 2006-06-13 19:39 . 2004-08-04 06:07 68224 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\pci.sys + 2011-06-02 21:33 . 2008-04-13 17:36 68224 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\pci.sys + 2011-06-02 21:33 . 2008-04-13 17:36 68224 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\pci.sys - 2006-06-13 19:39 . 2004-08-04 06:07 68224 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\pci.sys + 2011-06-02 21:32 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbui.dll + 2011-06-02 21:32 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbuhci.sys + 2011-06-02 21:32 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbhub.sys + 2011-06-02 21:32 . 2008-04-13 18:36 68224 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\pci.sys + 2004-08-03 23:08 . 2008-04-13 17:45 20608 c:\windows\system32\drivers\usbuhci.sys - 2004-08-03 23:08 . 2008-04-13 18:45 20608 c:\windows\system32\drivers\usbuhci.sys - 2004-08-03 23:08 . 2008-04-13 18:45 59520 c:\windows\system32\drivers\usbhub.sys + 2004-08-03 23:08 . 2008-04-13 17:45 59520 c:\windows\system32\drivers\usbhub.sys - 2004-08-03 23:08 . 2008-04-13 18:45 30208 c:\windows\system32\drivers\usbehci.sys + 2004-08-03 23:08 . 2008-04-13 17:45 30208 c:\windows\system32\drivers\usbehci.sys - 2004-08-03 23:07 . 2008-04-13 18:36 68224 c:\windows\system32\drivers\pci.sys + 2004-08-03 23:07 . 2008-04-13 17:36 68224 c:\windows\system32\drivers\pci.sys + 2001-08-17 13:58 . 2008-04-13 17:36 37248 c:\windows\system32\drivers\isapnp.sys - 2001-08-17 13:58 . 2008-04-13 18:36 37248 c:\windows\system32\drivers\isapnp.sys - 2006-06-13 18:11 . 
2011-02-26 03:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2006-06-13 18:11 . 2011-05-29 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2010-05-21 00:20 . 2011-05-27 20:29 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2010-05-21 00:20 . 2011-05-25 23:47 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2010-05-21 00:20 . 2011-05-25 23:47 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2010-05-21 00:20 . 2011-05-27 20:29 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2010-05-21 00:20 . 2011-05-25 23:47 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2010-05-21 00:20 . 2011-05-27 20:29 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2010-05-21 00:20 . 2011-05-27 20:29 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2010-05-21 00:20 . 2011-05-25 23:47 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2011-06-02 21:32 . 2008-04-14 00:11 7168 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\hccoin.dll - 2010-05-21 00:20 . 2011-05-25 23:47 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2010-05-21 00:20 . 2011-05-27 20:29 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2011-06-02 21:32 . 2008-04-13 17:45 143872 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbport.sys + 2011-06-02 21:32 . 2008-04-13 17:45 143872 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbport.sys + 2011-06-02 21:32 . 2008-04-13 17:45 143872 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbport.sys + 2011-06-02 21:32 . 2008-04-13 17:45 143872 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbport.sys + 2011-06-02 21:32 . 
2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbport.sys - 2004-08-03 23:08 . 2008-04-13 18:45 143872 c:\windows\system32\drivers\usbport.sys + 2004-08-03 23:08 . 2008-04-13 17:45 143872 c:\windows\system32\drivers\usbport.sys + 2006-06-13 17:56 . 2007-03-21 19:58 304920 c:\windows\system32\drivers\iastor.sys + 2011-03-30 22:00 . 2011-05-30 12:08 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - 2011-03-30 22:00 . 2011-03-30 22:26 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat + 2011-06-02 03:22 . 2011-05-30 20:34 191070 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat + 2010-11-18 00:21 . 2011-06-01 22:30 380928 c:\windows\Installer\{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}\iTunesIco.exe - 2010-11-18 00:21 . 2011-03-28 03:21 380928 c:\windows\Installer\{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}\iTunesIco.exe - 2010-05-21 00:20 . 2011-05-25 23:47 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2010-05-21 00:20 . 2011-05-27 20:29 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2010-05-21 00:20 . 2011-05-25 23:47 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2010-05-21 00:20 . 2011-05-27 20:29 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2010-05-21 00:20 . 2011-05-25 23:47 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2010-05-21 00:20 . 2011-05-27 20:29 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2010-05-21 00:20 . 2011-05-25 23:47 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2010-05-21 00:20 . 2011-05-27 20:29 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2010-05-21 00:20 . 
2011-05-25 23:47 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2010-05-21 00:20 . 2011-05-27 20:29 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2011-04-27 18:14 . 2011-04-27 18:14 5520384 c:\windows\Installer\227a7.msp + 2011-04-29 20:04 . 2011-04-29 20:04 5053440 c:\windows\Installer\22794.msp + 2010-06-01 18:47 . 2011-05-27 20:29 42829768 c:\windows\system32\MRT.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4709dfb-a47d-451c-957d-e78d25263cb8}] 2011-04-20 15:34 81920 ----a-w- c:\program files\whitesmoketoolbar\vmntemplateX.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{e4709dfb-a47d-451c-957d-e78d25263cb8}"= "c:\program files\whitesmoketoolbar\vmntemplateX.dll" [2011-04-20 81920] . [HKEY_CLASSES_ROOT\clsid\{e4709dfb-a47d-451c-957d-e78d25263cb8}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-18 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-18 7561216] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-01-26 212992] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360] "ExecAfterFirstBoot"="c:\windows\SONYSYS\EFlyer\ExecAfterFirstBoot.exe" [2005-03-16 204800] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552] "AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2006-03-15 40960] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936] "VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048] "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632] "HostManager"="c:\program files\Common Files\AOL\1274402213\ee\AOLHostManager.exe" [2005-11-04 159832] "PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common 
Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-21 273544] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\LFCMP10N32.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^FrostWire On Startup.lnk] backup=c:\windows\pss\FrostWire On Startup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"= "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\RKMediaCenter.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\WINDOWS\\system32\\ipxwan32.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:TCP"= 443:TCP:ooVoo TCP port 443 "443:UDP"= 443:UDP:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:ooVoo UDP port 37675 "57314:TCP"= 57314:TCP:Pando Media Booster "57314:UDP"= 57314:UDP:Pando Media Booster "1031:TCP"= 1031:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . 
I am able to use my laptop normally, but at times when I'm trying to get to a website it redirects me. I appreciate the help and am waiting for further instructions.
  8. I appreciate your help, but when I try to merge the fixme.reg file it gives me an error saying I can't import the file. Also, yesterday around 8pm my computer was attacked by another virus and I removed it. But after that I rebooted and got a blue screen saying something about iaStor.sys, and now I'm forced to use safe mode. I am currently in safe mode.
  9. Hi, my name is Miguel and I've been trying to get rid of this problem for over 2 weeks now. I am using MBAM and whenever I scan my laptop the malware appears, even though MBAM said it's been quarantined and successfully deleted. I scan my laptop every day but no luck. I would really appreciate it if someone can help me. This is the log file from my last scan. This is my DDS.txt.
And my DDS (Attach.txt): attach.zip. I appreciate the help.
  10. Hi, my name is Miguel and I've been trying to get rid of this problem for over 2 weeks now. I am using MBAM and whenever I scan my laptop the malware appears, even though MBAM said it's been quarantined and successfully deleted. I scan my laptop every day but no luck. I would really appreciate it if someone can help me. This is the log file from my last scan. I appreciate your help and assistance.