
Villianci
Honorary Members
Posts: 25

Everything posted by Villianci

  1. After running fix.bat, I was able to manually delete the 2 files. After that, I did a scan with the ESET online scanner and nothing was found.
  2. Bootkit Remover version 1.0.0.1
     © 2009 eSage Lab
     www.esagelab.com

     Restoring boot code at \\.\PhysicalDrive0... OK

     Press any key to quit...
  3. Bootkit Remover version 1.0.0.1
     © 2009 eSage Lab
     www.esagelab.com

     \\.\C: -> \\.\PhysicalDrive0
     MD5: 3052b732c75e3784ad1b1f06d0fcf12f
     \\.\D: -> \\.\PhysicalDrive0

     Size    Device Name         MBR Status
     --------------------------------------------
     232 GB  \\.\PhysicalDrive0  Unknown boot code

     Unknown boot code has been found on some of your physical disks.
     To inspect the boot code manually, dump the master boot sector:
     remover.exe dump <device_name> [output_file]
     To disinfect the master boot sector, use the following command:
     remover.exe fix <device_name>

     Press any key to quit...
  4. Just restarted my laptop, and the 2 files reappeared. Based on your knowledge, can this be effective? http://forums.majorgeeks.com/showthread.php?t=217807
  5. C:\System Volume Information\Microsoft\smss.exe  Win32/TrojanDownloader.Unruy.BT trojan  cleaned by deleting (after the next restart) - quarantined
     Operating memory  Win32/TrojanDownloader.Unruy.BT trojan  contained infected files

     To note: the 2 exe files are from Black Internet Inc. Is there anything I can do to tackle it from the MBR?
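The check Bootkit Remover reports above (hash the boot code, classify it as known or unknown, offer to dump the sector) as an added Python example; this is not part of the original post and is not eSage Lab's code. Everything below is constructed for illustration: the "clean" boot code is a stand-in rather than the real Windows MBR, the known-good hash set is built from that stand-in, and the sample partition tables are made up. Only read_mbr() touches a real disk, and on Windows it needs an elevated prompt to open \\.\PhysicalDrive0.

```python
r"""Added example, not from the original thread or from eSage Lab's tool:
inspect a master boot record the way a bootkit scanner does.

The sample sectors, the stand-in boot code and the KNOWN_GOOD hash set are
all constructed here so the script runs offline. On Windows,
read_mbr(r"\\.\PhysicalDrive0") must be run from an elevated prompt.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439: boot code proper, the part worth hashing
DISK_SIG_OFFSET = 440     # bytes 440..443: NT disk signature, unique per machine
PART_TABLE_OFFSET = 446   # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511


def read_mbr(path: str) -> bytes:
    r"""Read the first sector of a disk image or raw device (e.g. \\.\PhysicalDrive0)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def boot_code_md5(sector: bytes) -> str:
    """Hash only the boot code: the disk signature and partition table differ on
    every legitimate machine, so a whole-sector hash would never match a baseline."""
    return hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty partition entries (status, type, LBA start, sector count)."""
    parts = []
    for i in range(4):
        # B=status, 3x=CHS start, B=type, 3x=CHS end, I=LBA start, I=sector count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "status": status, "type": ptype,
                          "lba": lba, "count": count})
    return parts


def check_mbr(sector: bytes, known_good: set) -> dict:
    """Classify the boot code against a hash baseline and sanity-check the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    md5 = boot_code_md5(sector)
    status = "known boot code" if md5 in known_good else "unknown boot code"
    parts = parse_partitions(sector)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: bad status byte 0x{p['status']:02x}")
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one partition flagged active")
    spans = sorted((p["lba"], p["lba"] + p["count"], p["index"]) for p in parts)
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return {"md5": md5, "status": status, "partitions": parts, "findings": findings}


# --- constructed sample sectors (stand-ins, not real Windows boot code) --------
def build_sector(boot_code: bytes, partitions, disk_sig: bytes) -> bytes:
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] = disk_sig
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i,
                         status, ptype, lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Stand-in "vendor" boot code: xor ax,ax / mov ss,ax / mov sp,7C00h, padded with NOPs.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
# Stand-in bootkit: the first instruction replaced by a short jump into its own loader.
HOOKED_BOOT_CODE = b"\xeb\x3e" + CLEAN_BOOT_CODE[2:]

CLEAN_DISK = build_sector(CLEAN_BOOT_CODE, [(0x80, 0x07, 63, 488392002)], b"\x12\x34\x56\x78")
OTHER_CLEAN_DISK = build_sector(CLEAN_BOOT_CODE,
                                [(0x80, 0x07, 2048, 1000000), (0x00, 0x0c, 1002048, 500000)],
                                b"\xde\xad\xbe\xef")
HOOKED_DISK = build_sector(HOOKED_BOOT_CODE, [(0x80, 0x07, 63, 488392002)], b"\x12\x34\x56\x78")

# Baseline built from the constructed clean sector; a real scanner ships vendor hashes.
KNOWN_GOOD = {boot_code_md5(CLEAN_DISK)}

if __name__ == "__main__":
    for name, disk in (("clean", CLEAN_DISK), ("other clean", OTHER_CLEAN_DISK),
                       ("hooked", HOOKED_DISK)):
        r = check_mbr(disk, KNOWN_GOOD)
        print(f"{name:12s} md5={r['md5']}  {r['status']}  findings={r['findings']}")
```

The point of hashing only the first 440 bytes is that two clean machines with different disk signatures and partition layouts (CLEAN_DISK and OTHER_CLEAN_DISK) still hash to the same baseline value, while a single patched instruction in the boot code moves the hash out of the known set. The partition-table checks catch the cruder forms of tampering (overlapping or doubly-active entries) that a hash comparison alone would not explain.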
  6. Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     File "C:\System Volume Information\Microsoft\services.exe" deleted successfully.
     File "C:\System Volume Information\Microsoft\smss.exe" deleted successfully.

     Completed script processing.

     *******************

     Finished! Terminate.

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 03:09:45, on 03-Jul-10
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
     C:\System Volume Information\Microsoft\services.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\System Volume Information\Microsoft\smss.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\a-squared Free\a2service.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\CDBurnerXP\NMSAccessU.exe
     C:\WINDOWS\system32\notepad.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
     C:\Program Files\Lenovo\Energy Management\utility.exe
     C:\Program Files\Lenovo\Energy Management\Energy Management.exe
     C:\Windows\system32\TpShocks.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
     C:\Program Files\Sandboxie\SbieSvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
     C:\WINDOWS\System32\TPHDEXLG.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Documents and Settings\San\Desktop\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
     O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
     O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
     O4 - HKLM\..\Run: [TpShocks] C:\Windows\system32\TpShocks.exe
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
     O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
     O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - http://web.lead.com.sg/SchoolDNA/Common/saxfile.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
     O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX
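An added example, not part of the original post and not HijackThis code, that automates the check a helper does by eye on the "Running processes" list above: any process whose file name is a core Windows binary but whose directory is not the one Windows runs it from, and any process running out of System Volume Information or another directory a service binary has no business living in, gets flagged. The EXPECTED_DIR allow-list and SUSPECT_DIRS are assumptions for illustration, the sample log is a trimmed reconstruction of the process list posted above, and the system root is assumed to be C:\WINDOWS.

```python
r"""Added example, not from the original thread or from HijackThis: flag
processes in a HijackThis-style "Running processes:" block that impersonate
core Windows binaries. EXPECTED_DIR, SUSPECT_DIRS and SAMPLE_LOG are
constructed for illustration; the system root is assumed to be C:\WINDOWS.
"""
import ntpath
import re

# Core binaries and the directory (under the system root) Windows XP runs them
# from. Assumed allow-list; extend it from a known-clean machine of your own.
EXPECTED_DIR = {
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "spoolsv.exe": "system32",
    "explorer.exe": "",          # lives in the system root itself
}

# Directory fragments a legitimate service binary should never run from (assumed list).
SUSPECT_DIRS = ("system volume information", "recycler", "\\temp\\")

ENTRY_LINE = re.compile(r"^[RFNO]\d+ - ")   # first HijackThis entry after the process list


def extract_processes(log: str) -> list:
    """Return the paths listed under 'Running processes:'."""
    procs, in_block = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_block = True
            continue
        if not in_block:
            continue
        if not line or ENTRY_LINE.match(line):
            break
        procs.append(line)
    return procs


def classify(path: str, system_root: str = r"C:\WINDOWS") -> list:
    """Return the findings for one process path (empty list if it looks normal)."""
    findings = []
    directory, base = ntpath.split(path)
    d = directory.lower().rstrip("\\")
    b = base.lower()
    if b in EXPECTED_DIR:
        expected = ntpath.join(system_root, EXPECTED_DIR[b]).lower().rstrip("\\")
        if d != expected:
            findings.append(f"{base} running from {directory}, expected {expected}")
    for marker in SUSPECT_DIRS:
        if marker in d + "\\":
            findings.append(f"{base} runs from a suspicious location: {directory}")
            break
    return findings


def scan_log(log: str, system_root: str = r"C:\WINDOWS") -> dict:
    """Map each flagged process path to its findings."""
    result = {}
    for path in extract_processes(log):
        findings = classify(path, system_root)
        if findings:
            result[path] = findings
    return result


# Constructed sample: a shortened version of the process list posted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\System Volume Information\Microsoft\services.exe
C:\WINDOWS\system32\spoolsv.exe
C:\System Volume Information\Microsoft\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\San\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
"""

if __name__ == "__main__":
    for path, findings in scan_log(SAMPLE_LOG).items():
        print(path)
        for f in findings:
            print("   ", f)
```

Matching is done on the lower-cased directory and base name because HijackThis prints paths with whatever case the process reported (System32 and system32 both appear in the list above). The two System Volume Information entries get two findings each: one for being a system binary name in the wrong directory, one for the directory itself.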
  7. C:\Documents and Settings\San\desktop\UBCD4WinV350.exe  multiple threats  deleted - quarantined
     C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\2kkrgtnm.default\Cache\1EF26877d01  a variant of Win32/Kryptik.YI trojan  cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\services.exe.vir  Win32/TrojanDownloader.Unruy.BT trojan  cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\smss.exe.vir  Win32/TrojanDownloader.Unruy.BT trojan  cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\_services_.exe.zip  Win32/TrojanDownloader.Unruy.BT trojan  deleted - quarantined
     C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\_smss_.exe.zip  Win32/TrojanDownloader.Unruy.BT trojan  deleted - quarantined
     C:\System Volume Information\Microsoft\services.exe  Win32/TrojanDownloader.Unruy.BT trojan  cleaned by deleting (after the next restart) - quarantined
     C:\System Volume Information\Microsoft\smss.exe  Win32/TrojanDownloader.Unruy.BT trojan  cleaned by deleting (after the next restart) - quarantined
     C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe  Win32/PrcView application  deleted - quarantined
     C:\UBCD4Win\plugin\Network\CrossLoop\files\winvnc.exe  Win32/RemoteAdmin.WinVNC application  cleaned by deleting - quarantined
     Operating memory  Win32/TrojanDownloader.Unruy.BT trojan  contained infected files
  8. ComboFix 10-07-01.02 - San 02-Jul-10 23:12:07.7.2 - x86 NETWORK
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.955.669 [GMT 8:00]
     Running from: c:\documents and settings\San\Desktop\Combo-Fix.exe
     Command switches used :: c:\documents and settings\San\Desktop\CFScript.txt
     .
     ((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
     .
     2010-07-02 07:00 . 2010-07-02 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
     2010-07-01 09:33 . 2010-07-01 09:33 -------- d-----w- c:\program files\Compaq
     2010-07-01 09:18 . 2010-07-01 09:18 -------- d-----w- C:\DriveKey
     2010-07-01 06:52 . 2010-07-01 08:28 -------- d-----w- C:\UBCD4Win
     2010-06-19 21:15 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-06-19 21:15 . 2010-06-19 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-06-19 21:15 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-06-19 21:09 . 2010-06-30 07:58 -------- d-----w- c:\documents and settings\San\Application Data\QuickScan
     2010-06-19 17:34 . 2010-06-19 17:34 -------- d-----w- c:\program files\StreamTorrent 1.0
     2010-06-19 17:34 . 2010-06-19 17:34 -------- d-----w- c:\documents and settings\San\Application Data\StreamTorrent
     2010-06-18 09:06 . 2010-06-18 09:06 -------- d-----w- c:\program files\AVG
     2010-06-18 09:05 . 2010-07-01 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
     2010-06-18 08:24 . 2010-06-18 08:24 -------- d-----w- c:\program files\Common Files\Java
     2010-06-18 08:23 . 2010-06-18 08:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-06-18 08:14 . 2010-06-18 08:22 -------- d-----w- c:\documents and settings\San\.SunDownloadManager
     2010-06-18 07:59 . 2010-06-18 07:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
     2010-06-18 06:10 . 2010-06-18 06:10 552 ----a-w- c:\windows\system32\d3d8caps.dat
     2010-06-17 16:48 . 2010-06-17 16:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2010-06-17 16:44 . 2010-06-18 16:46 -------- d-----w- c:\program files\Lavasoft
     2010-06-17 16:44 . 2010-06-18 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
     2010-06-17 09:23 . 2010-06-17 09:23 -------- d-----w- c:\program files\Sophos
     2010-06-17 05:46 . 2010-06-17 05:46 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
     2010-06-17 04:20 . 2010-06-17 04:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2010-06-16 19:30 . 2010-07-02 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2010-06-16 19:30 . 2010-06-17 03:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2010-06-16 14:07 . 2010-06-16 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
     2010-06-16 14:07 . 2010-06-16 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
     2010-06-10 06:46 . 2010-06-10 10:22 -------- d-----w- c:\documents and settings\San\Local Settings\Application Data\Super Internet TV
     2010-06-10 04:23 . 2010-04-20 05:30 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
     2010-06-10 04:22 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
     2010-06-09 16:27 . 2010-06-18 08:43 -------- d-----w- c:\documents and settings\San\Application Data\MechCAD
     2010-06-06 04:59 . 2010-06-11 05:16 -------- d-----w- c:\documents and settings\San\Application Data\Red Alert 3 Uprising
     2010-06-06 04:22 . 2010-06-06 04:22 -------- d-----w- c:\program files\Electronic Arts
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-07-02 12:02 . 2010-01-22 04:15 -------- d-----w- c:\program files\Ken Ward's Makeup
     2010-07-02 11:16 . 2009-10-04 02:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2010-07-02 11:16 . 2009-10-04 02:51 -------- d-----w- c:\program files\SpywareBlaster
     2010-07-01 09:18 . 2008-10-19 05:14 -------- d--h--w- c:\program files\InstallShield Installation Information
     2010-07-01 05:45 . 2009-05-09 14:08 -------- d-----w- c:\program files\SUPERAntiSpyware
     2010-07-01 05:37 . 2009-04-10 22:34 188152 ----a-w- c:\documents and settings\San\Application Data\Mozilla\Firefox\Profiles\2kkrgtnm.default\FlashGot.exe
     2010-07-01 05:35 . 2010-03-20 04:59 117760 ----a-w- c:\documents and settings\San\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
     2010-07-01 05:19 . 2009-10-04 03:03 -------- d-----w- c:\program files\a-squared Free
     2010-06-30 14:42 . 2008-10-19 09:46 -------- d-----w- c:\program files\ESET
     2010-06-21 16:28 . 2009-01-14 12:45 2568656 ----a-w- c:\documents and settings\San\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
     2010-06-21 16:11 . 2009-10-05 19:01 -------- d-----w- c:\documents and settings\San\Application Data\Image Zone Express
     2010-06-21 02:01 . 2008-10-19 09:42 -------- d-----w- c:\documents and settings\San\Application Data\Thinstall
     2010-06-20 06:19 . 2010-01-02 17:17 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
     2010-06-18 08:37 . 2010-01-02 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
     2010-06-18 08:37 . 2010-06-18 08:37 61440 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1affcee8-n\decora-sse.dll
     2010-06-18 08:37 . 2010-06-18 08:37 12800 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1affcee8-n\decora-d3d.dll
     2010-06-18 08:36 . 2009-12-08 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
     2010-06-18 08:34 . 2010-06-18 08:34 503808 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\msvcp71.dll
     2010-06-18 08:34 . 2010-06-18 08:34 499712 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\jmc.dll
     2010-06-18 08:34 . 2010-06-18 08:34 348160 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\msvcr71.dll
     2010-06-18 04:24 . 2010-03-16 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\X-Setup Pro
     2010-06-18 04:17 . 2010-01-22 04:32 -------- d-----w- c:\program files\Advanced JPEG Compressor
     2010-06-17 18:09 . 2010-03-22 03:01 -------- d-----w- c:\program files\Advanced MP3 Renamer
     2010-06-17 03:39 . 2009-08-23 10:30 -------- d-----w- c:\program files\Glary Utilities
     2010-06-10 06:54 . 2010-05-11 05:47 -------- d-----w- c:\program files\SopCast
     2010-06-07 13:23 . 2009-10-13 17:31 100620 ---ha-w- c:\windows\system32\mlfcache.dat
     2010-06-04 15:30 . 2009-11-11 06:30 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-05-31 09:33 . 2010-05-31 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
     2010-05-27 02:50 . 2009-11-25 12:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-05-25 08:58 . 2008-10-19 06:13 157648 ----a-w- c:\documents and settings\San\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-05-25 07:41 . 2009-12-06 10:44 -------- d-----w- c:\documents and settings\San\Application Data\muvee Technologies
     2010-05-24 06:04 . 2009-12-05 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
     2010-05-24 04:07 . 2009-12-04 13:11 -------- d-----w- c:\program files\MAGIX
     2010-05-24 04:01 . 2009-12-04 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
     2010-05-23 13:30 . 2009-10-21 04:17 -------- d-----w- c:\documents and settings\San\Application Data\U3
     2010-05-23 06:28 . 2010-05-23 06:28 -------- d-----w- c:\documents and settings\San\Application Data\Red Alert 3
     2010-05-23 00:13 . 2010-05-23 00:13 -------- d-----w- c:\program files\SystemRequirementsLab
     2010-05-23 00:12 . 2010-05-23 00:12 85504 ----a-w- c:\documents and settings\San\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
     2010-05-23 00:12 . 2010-05-23 00:12 -------- d-----w- c:\documents and settings\San\Application Data\SystemRequirementsLab
     2010-05-22 18:16 . 2010-05-22 18:16 -------- d-----w- c:\program files\vSoft
     2010-05-19 07:01 . 2010-05-19 06:57 -------- d-----w- c:\documents and settings\San\Application Data\Similarity
     2010-05-19 05:59 . 2010-05-19 05:59 1006080 ----a-r- c:\documents and settings\San\Application Data\Microsoft\Installer\{11ABE2F4-DBCD-45D1-ABBB-C13FDDC4568A}\Similarity.exe
     2010-05-19 05:59 . 2010-05-19 05:59 -------- d-----w- c:\program files\Similarity
     2010-05-13 03:54 . 2009-01-13 16:06 -------- d-----w- c:\program files\Google
     2010-05-11 06:25 . 2010-05-11 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
     2010-05-11 06:15 . 2008-10-15 16:17 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2010-05-10 01:01 . 2010-05-10 01:01 -------- d-----w- c:\program files\Sandboxie
     2010-05-06 10:41 . 2008-03-04 11:52 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-05-05 15:57 . 2010-05-05 15:50 -------- d-----w- c:\documents and settings\San\Application Data\DiskSpaceFan
     2010-05-05 15:50 . 2010-05-05 15:50 -------- d-----w- c:\program files\DiskSpaceFan
     2010-05-02 05:22 . 2007-09-20 01:27 1851264 ----a-w- c:\windows\system32\win32k.sys
     2010-04-28 14:46 . 2010-04-28 14:45 59 ----a-w- c:\windows\wpd99.drv
     2010-04-28 14:45 . 2010-04-28 14:45 51716 ----a-w- c:\windows\system32\pdf995mon.dll
     2010-04-28 14:45 . 2010-04-28 14:45 249856 ----a-w- c:\windows\system32\pdfmona.dll
     2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
     2009-11-22 22:50 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
     "Google Update"="c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-03 1040384]
     "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 1454080]
     "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-05-21 4456448]
     "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-06-30 1283984]
     "TpShocks"="c:\windows\system32\TpShocks.exe" [2008-04-09 181512]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
     "RTHDCPL"="RTHDCPL.EXE" [2008-06-10 16871936]
     "SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
     "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "ShowDeskFix"="shell32" [X]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 06:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
     backup=c:\windows\pss\Bluetooth.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^San^Start Menu^Programs^Startup^Adobe Gamma.lnk]
     backup=c:\windows\pss\Adobe Gamma.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^San^Start Menu^Programs^Startup^MagicDisc.lnk]
     backup=c:\windows\pss\MagicDisc.lnkStartup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
     2010-02-18 08:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe"

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\SopCast\\SopCast.exe"=
     "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=

     R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [19-Oct-08 1:38 PM 18960]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-Feb-10 10:25 AM 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17-Feb-10 10:15 AM 66632]
     R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [04-Oct-09 11:03 AM 1872320]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20-Jun-10 5:15 AM 304464]
     R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [19-Oct-08 1:38 PM 430080]
     R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [19-Oct-08 1:38 PM 47680]
     R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [19-Oct-08 1:18 PM 9472]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20-Jun-10 5:15 AM 20952]
     R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [19-Oct-08 1:14 PM 156160]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-May-10 11:52 AM 136176]
     S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [24-May-10 12:00 PM 1527900]
     S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [09-Dec-09 10:21 AM 102656]
     S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [26-Aug-09 4:49 AM 17408]
     S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17-Feb-10 10:15 AM 12872]
     S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16-Jun-09 9:46 AM 79888]
     S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
     S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [19-Oct-08 1:33 PM 81192]
     S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27-Nov-08 11:04 AM 721904]
     .
     Contents of the 'Scheduled Tasks' folder

     2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

     2010-07-02 c:\windows\Tasks\GlaryInitialize.job
     - c:\program files\Glary Utilities\initialize.exe [2009-08-23 02:01]

     2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:47]

     2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:47]

     2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1960408961-725345543-1003Core.job
     - c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-24 17:31]

     2010-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1960408961-725345543-1003UA.job
     - c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-24 17:31]

     2010-07-02 c:\windows\Tasks\User_Feed_Synchronization-{62C52952-E98C-4041-869E-5C46156D1019}.job
     - c:\windows\system32\msfeedssync.exe [2008-10-19 20:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://google.com
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} - hxxp://web.lead.com.sg/SchoolDNA/Common/saxfile.cab
     FF - ProfilePath - c:\documents and settings\San\Application Data\Mozilla\Firefox\Profiles\2kkrgtnm.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sg/ig
     FF - plugin: c:\documents and settings\San\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     .
     - - - - ORPHANS REMOVED - - - -

     AddRemove-HijackThis - c:\documents and settings\San\Desktop\HijackThis.exe

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-07-02 23:20
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-1292428093-1960408961-725345543-1003\Software\SecuROM\License information*]
     "datasecu"=hex:55,39,98,6a,05,23,f5,ce,5e,a9,a9,88,22,d1,03,13,9c,6b,29,fb,12,
     9c,26,13,cd,2d,08,ec,a8,4b,68,e6,65,38,a9,81,85,12,9a,35,66,e1,9b,af,4a,1d,\
     "rkeysecu"=hex:31,1d,5f,b7,c5,09,e5,84,7f,b6,8a,d1,23,6b,c9,40
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(1140)
     c:\program files\SUPERAntiSpyware\SASWINLO.dll
     c:\windows\system32\WININET.dll

     - - - - - - - > 'explorer.exe'(780)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\wpdshserviceobj.dll
     c:\windows\system32\btncopy.dll
     c:\windows\system32\portabledevicetypes.dll
     c:\windows\system32\portabledeviceapi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
     c:\system volume information\Microsoft\services.exe
     c:\system volume information\Microsoft\smss.exe
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\CDBurnerXP\NMSAccessU.exe
     c:\program files\Sandboxie\SbieSvc.exe
     c:\windows\System32\TPHDEXLG.exe
     c:\windows\system32\wscntfy.exe
     c:\windows\RTHDCPL.EXE
     c:\windows\SOUNDMAN.EXE
     c:\program files\Internet Explorer\IEXPLORE.EXE
     c:\program files\iPod\bin\iPodService.exe
     c:\program files\Internet Explorer\IEXPLORE.EXE
     .
     **************************************************************************
     .
     Completion time: 2010-07-02 23:26:55 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-07-02 15:26
     ComboFix2.txt 2010-07-02 13:16
     ComboFix3.txt 2010-06-28 08:40

     Pre-Run: 10,547,032,064 bytes free
     Post-Run: 9,479,434,240 bytes free

     - - End Of File - - 4AF465B0239D0D861BCDADE031BAE7E8
  9. After the end of the scan, I found that System Restore was switched on automatically. Had switched it off again. Once again, I thank you for your patience.

ComboFix 10-07-01.02 - San 02-Jul-10 20:52:52.6.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.955.701 [GMT 8:00]
Running from: c:\documents and settings\San\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\San\Desktop\CFScript.txt

FILE ::
"c:\system volume information\Microsoft\services.exe"
"c:\system volume information\Microsoft\smss.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\Microsoft\services.exe . . . . failed to delete
c:\system volume information\Microsoft\smss.exe . . . . failed to delete
.
---- Previous Run -------
.
c:\system volume information\Microsoft\smss.exe
c:\system volume information\Microsoft\services.exe . . . . failed to delete
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VVDSVC
-------\Service_vvdsvc


((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-07-02 07:00 . 2010-07-02 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-01 09:33 . 2010-07-01 09:33 -------- d-----w- c:\program files\Compaq
2010-07-01 09:18 . 2010-07-01 09:18 -------- d-----w- C:\DriveKey
2010-07-01 06:52 . 2010-07-01 08:28 -------- d-----w- C:\UBCD4Win
2010-06-19 21:15 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 21:15 . 2010-06-19 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 21:15 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 21:09 . 2010-06-30 07:58 -------- d-----w- c:\documents and settings\San\Application Data\QuickScan
2010-06-19 17:34 . 2010-06-19 17:34 -------- d-----w- c:\program files\StreamTorrent 1.0
2010-06-19 17:34 . 2010-06-19 17:34 -------- d-----w- c:\documents and settings\San\Application Data\StreamTorrent
2010-06-18 09:06 . 2010-06-18 09:06 -------- d-----w- c:\program files\AVG
2010-06-18 09:05 . 2010-07-01 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-18 08:24 . 2010-06-18 08:24 -------- d-----w- c:\program files\Common Files\Java
2010-06-18 08:23 . 2010-06-18 08:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-18 08:14 . 2010-06-18 08:22 -------- d-----w- c:\documents and settings\San\.SunDownloadManager
2010-06-18 07:59 . 2010-06-18 07:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-18 06:10 . 2010-06-18 06:10 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-17 16:48 . 2010-06-17 16:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-17 16:44 . 2010-06-18 16:46 -------- d-----w- c:\program files\Lavasoft
2010-06-17 16:44 . 2010-06-18 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-17 09:23 . 2010-06-17 09:23 -------- d-----w- c:\program files\Sophos
2010-06-17 05:46 . 2010-06-17 05:46 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-06-17 04:20 . 2010-06-17 04:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-16 19:30 . 2010-07-02 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-16 19:30 . 2010-06-17 03:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-16 14:07 . 2010-06-16 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-16 14:07 . 2010-06-16 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-10 06:46 . 2010-06-10 10:22 -------- d-----w- c:\documents and settings\San\Local Settings\Application Data\Super Internet TV
2010-06-10 04:23 . 2010-04-20 05:30 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-06-10 04:22 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 16:27 . 2010-06-18 08:43 -------- d-----w- c:\documents and settings\San\Application Data\MechCAD
2010-06-06 04:59 . 2010-06-11 05:16 -------- d-----w- c:\documents and settings\San\Application Data\Red Alert 3 Uprising
2010-06-06 04:22 . 2010-06-06 04:22 -------- d-----w- c:\program files\Electronic Arts
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 12:02 . 2010-01-22 04:15 -------- d-----w- c:\program files\Ken Ward's Makeup
2010-07-02 11:16 . 2009-10-04 02:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-02 11:16 . 2009-10-04 02:51 -------- d-----w- c:\program files\SpywareBlaster
2010-07-01 09:18 . 2008-10-19 05:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-01 05:45 . 2009-05-09 14:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-01 05:37 . 2009-04-10 22:34 188152 ----a-w- c:\documents and settings\San\Application Data\Mozilla\Firefox\Profiles\2kkrgtnm.default\FlashGot.exe
2010-07-01 05:35 . 2010-03-20 04:59 117760 ----a-w- c:\documents and settings\San\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-01 05:19 . 2009-10-04 03:03 -------- d-----w- c:\program files\a-squared Free
2010-06-30 14:42 . 2008-10-19 09:46 -------- d-----w- c:\program files\ESET
2010-06-21 16:28 . 2009-01-14 12:45 2568656 ----a-w- c:\documents and settings\San\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-06-21 16:11 . 2009-10-05 19:01 -------- d-----w- c:\documents and settings\San\Application Data\Image Zone Express
2010-06-21 02:01 . 2008-10-19 09:42 -------- d-----w- c:\documents and settings\San\Application Data\Thinstall
2010-06-20 06:19 . 2010-01-02 17:17 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-18 08:37 . 2010-01-02 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-18 08:37 . 2010-06-18 08:37 61440 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1affcee8-n\decora-sse.dll
2010-06-18 08:37 . 2010-06-18 08:37 12800 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1affcee8-n\decora-d3d.dll
2010-06-18 08:36 . 2009-12-08 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-18 08:34 . 2010-06-18 08:34 503808 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\msvcp71.dll
2010-06-18 08:34 . 2010-06-18 08:34 499712 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\jmc.dll
2010-06-18 08:34 . 2010-06-18 08:34 348160 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\msvcr71.dll
2010-06-18 04:24 . 2010-03-16 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\X-Setup Pro
2010-06-18 04:17 . 2010-01-22 04:32 -------- d-----w- c:\program files\Advanced JPEG Compressor
2010-06-17 18:09 . 2010-03-22 03:01 -------- d-----w- c:\program files\Advanced MP3 Renamer
2010-06-17 03:39 . 2009-08-23 10:30 -------- d-----w- c:\program files\Glary Utilities
2010-06-10 06:54 . 2010-05-11 05:47 -------- d-----w- c:\program files\SopCast
2010-06-07 13:23 . 2009-10-13 17:31 100620 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-04 15:30 . 2009-11-11 06:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-31 09:33 . 2010-05-31 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-05-27 02:50 . 2009-11-25 12:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-25 08:58 . 2008-10-19 06:13 157648 ----a-w- c:\documents and settings\San\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-25 07:41 . 2009-12-06 10:44 -------- d-----w- c:\documents and settings\San\Application Data\muvee Technologies
2010-05-24 06:04 . 2009-12-05 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-05-24 04:07 . 2009-12-04 13:11 -------- d-----w- c:\program files\MAGIX
2010-05-24 04:01 . 2009-12-04 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-05-23 13:30 . 2009-10-21 04:17 -------- d-----w- c:\documents and settings\San\Application Data\U3
2010-05-23 06:28 . 2010-05-23 06:28 -------- d-----w- c:\documents and settings\San\Application Data\Red Alert 3
2010-05-23 00:13 . 2010-05-23 00:13 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-23 00:12 . 2010-05-23 00:12 85504 ----a-w- c:\documents and settings\San\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-23 00:12 . 2010-05-23 00:12 -------- d-----w- c:\documents and settings\San\Application Data\SystemRequirementsLab
2010-05-22 18:16 . 2010-05-22 18:16 -------- d-----w- c:\program files\vSoft
2010-05-19 07:01 . 2010-05-19 06:57 -------- d-----w- c:\documents and settings\San\Application Data\Similarity
2010-05-19 05:59 . 2010-05-19 05:59 1006080 ----a-r- c:\documents and settings\San\Application Data\Microsoft\Installer\{11ABE2F4-DBCD-45D1-ABBB-C13FDDC4568A}\Similarity.exe
2010-05-19 05:59 . 2010-05-19 05:59 -------- d-----w- c:\program files\Similarity
2010-05-13 03:54 . 2009-01-13 16:06 -------- d-----w- c:\program files\Google
2010-05-11 06:25 . 2010-05-11 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2010-05-11 06:15 . 2008-10-15 16:17 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-10 01:01 . 2010-05-10 01:01 -------- d-----w- c:\program files\Sandboxie
2010-05-06 10:41 . 2008-03-04 11:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 15:57 . 2010-05-05 15:50 -------- d-----w- c:\documents and settings\San\Application Data\DiskSpaceFan
2010-05-05 15:50 . 2010-05-05 15:50 -------- d-----w- c:\program files\DiskSpaceFan
2010-05-02 05:22 . 2007-09-20 01:27 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 14:46 . 2010-04-28 14:45 59 ----a-w- c:\windows\wpd99.drv
2010-04-28 14:45 . 2010-04-28 14:45 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-04-28 14:45 . 2010-04-28 14:45 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-11-22 22:50 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-03 1040384]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 1454080]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-05-21 4456448]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-06-30 1283984]
"TpShocks"="c:\windows\system32\TpShocks.exe" [2008-04-09 181512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-10 16871936]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 06:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^San^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^San^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 08:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [19-Oct-08 1:38 PM 18960]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-Feb-10 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17-Feb-10 10:15 AM 66632]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [04-Oct-09 11:03 AM 1872320]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20-Jun-10 5:15 AM 304464]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [19-Oct-08 1:38 PM 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [19-Oct-08 1:38 PM 47680]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [19-Oct-08 1:18 PM 9472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20-Jun-10 5:15 AM 20952]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [19-Oct-08 1:14 PM 156160]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-May-10 11:52 AM 136176]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [24-May-10 12:00 PM 1527900]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [09-Dec-09 10:21 AM 102656]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [26-Aug-09 4:49 AM 17408]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17-Feb-10 10:15 AM 12872]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16-Jun-09 9:46 AM 79888]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [19-Oct-08 1:33 PM 81192]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27-Nov-08 11:04 AM 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2010-07-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-23 02:01]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:47]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:47]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1960408961-725345543-1003Core.job
- c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-24 17:31]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1960408961-725345543-1003UA.job
- c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-24 17:31]

2010-07-02 c:\windows\Tasks\User_Feed_Synchronization-{62C52952-E98C-4041-869E-5C46156D1019}.job
- c:\windows\system32\msfeedssync.exe [2008-10-19 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} - hxxp://web.lead.com.sg/SchoolDNA/Common/saxfile.cab
FF - ProfilePath - c:\documents and settings\San\Application Data\Mozilla\Firefox\Profiles\2kkrgtnm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sg/ig
FF - plugin: c:\documents and settings\San\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10b.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-02 21:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1960408961-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:55,39,98,6a,05,23,f5,ce,5e,a9,a9,88,22,d1,03,13,9c,6b,29,fb,12,
   9c,26,13,cd,2d,08,ec,a8,4b,68,e6,65,38,a9,81,85,12,9a,35,66,e1,9b,af,4a,1d,\
"rkeysecu"=hex:31,1d,5f,b7,c5,09,e5,84,7f,b6,8a,d1,23,6b,c9,40
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3456)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\iPod\bin\iPodService.exe
c:\system volume information\Microsoft\services.exe
c:\system volume information\Microsoft\smss.exe
.
**************************************************************************
.
Completion time: 2010-07-02 21:16:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-02 13:16
ComboFix2.txt 2010-06-28 08:40

Pre-Run: 10,546,401,280 bytes free
Post-Run: 9,481,588,736 bytes free

- - End Of File - - C2ED2E25E557C0314093B237E4E9C435
  10. After 2 rounds of scanning using Eset Online scanner in normal mode and Safe mode, the same problem keeps coming up. smss.exe and services.exe have been identified many times as the source(s) of infection. The computer keeps trying to connect to 94.75.229.139. And a clicking sound can be heard many times.
  11. I swear that System Restore was switched off since the first post on this thread. I will do as follows and update you.
  12. Did the scan and the following was discovered.

C:\System Volume Information\Microsoft\services.exe Win32/TrojanDownloader.Unruy.BT trojan cleaned by deleting (after the next restart) - quarantined
C:\System Volume Information\Microsoft\smss.exe Win32/TrojanDownloader.Unruy.BT trojan cleaned by deleting (after the next restart) - quarantined
Operating memory Win32/TrojanDownloader.Unruy.BT trojan contained infected files

This trojan had been deleted many times using Avira Antivirus but it keeps popping up again and again.
  13. Hi there, apologies for the late reply. Here is the log you requested. gmer.txt
  14. 2 instances of Iexplorer.exe still present. Sound still automutes at times. In the report, are there no more signs of infection?
  15. Here's the ComboFix Log report. First test - BSOD while preparing report. Second test - Success. ComboFix.txt
  16. The first time I did the scan, there was a BSOD. Now it just stays at the scanning part for close to 15 minutes.
  17. Made a check and there is a Log file.

14:56:56:594 2604 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:56:56:594 2604 ================================================================================
14:56:56:594 2604 SystemInfo:
14:56:56:594 2604 OS Version: 5.1.2600 ServicePack: 3.0
14:56:56:594 2604 Product type: Workstation
14:56:56:594 2604 ComputerName: YENSAN
14:56:56:594 2604 UserName: San
14:56:56:594 2604 Windows directory: C:\WINDOWS
14:56:56:594 2604 Processor architecture: Intel x86
14:56:56:594 2604 Number of processors: 2
14:56:56:594 2604 Page size: 0x1000
14:56:56:610 2604 Boot type: Normal boot
14:56:56:610 2604 ================================================================================
14:56:56:813 2604 Initialize success
14:56:56:813 2604
14:56:56:813 2604 Scanning Services ...
14:56:56:875 2604 Raw services enum returned 360 services
14:56:56:875 2604
14:56:56:875 2604 Scanning Drivers ...
14:56:57:313 2604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:56:57:360 2604 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:56:57:391 2604 ACPIVPC (5508e9f55799c6551d54dfbc4a068b68) C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys
14:56:57:422 2604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:56:57:453 2604 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:56:57:485 2604 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:56:57:500 2604 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
14:56:57:516 2604 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:56:57:547 2604 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:56:57:625 2604 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:56:57:641 2604 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:56:57:672 2604 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:56:57:719 2604 b57w2k (e470738b601a7fbb1e1c34cec8355f5d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:56:57:766 2604 BCM43XX (164a0ac9ef86ef4b9c5bc6081f9acbeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
14:56:57:813 2604 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:56:57:860 2604 btaudio (b6e16da77eafe84a8c5bc44784feeaea) C:\WINDOWS\system32\drivers\btaudio.sys
14:56:57:891 2604 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys
14:56:57:922 2604 BTKRNL (ef5e0de0a7ca2977a9255f36f4d915ab) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
14:56:57:953 2604 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
14:56:57:953 2604 BTWUSB (053dc5be74621b63bb48c2b86bafc7b0) C:\WINDOWS\system32\Drivers\btwusb.sys
14:56:58:000 2604 Cam5607 (a60e0a5ede7684a05927e8bb68d3e44a) C:\WINDOWS\system32\Drivers\BisonC07.sys
14:56:58:031 2604 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:56:58:063 2604 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:56:58:078 2604 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:56:58:110 2604 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:56:58:125 2604 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:56:58:172 2604 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:56:58:219 2604 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
14:56:58:219 2604 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:56:58:266 2604 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:56:58:281 2604 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:56:58:313 2604 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:56:58:328 2604 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:56:58:344 2604 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:56:58:360 2604 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:56:58:391 2604 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:56:58:406 2604 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:56:58:406 2604 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:56:58:438 2604 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:56:58:469 2604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:56:58:469 2604 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:56:58:500 2604 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:56:58:547 2604 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
14:56:58:578 2604 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:56:58:610 2604 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
14:56:58:656 2604 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:56:58:672 2604 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:56:58:703 2604 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:56:58:735 2604 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:56:58:735 2604 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:56:58:766 2604 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:56:58:813 2604 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
14:56:58:813 2604 hwusbfake (9be5caeabc6b2eb98b3a4839a55d47a0) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
14:56:58:844 2604 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:56:59:016 2604 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:56:59:156 2604 iaStor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\DRIVERS\iaStor.sys
14:56:59:203 2604 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:56:59:453 2604 IntcAzAudAddService (9214948f697ea74203c4fbb23530e2b5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:56:59:563 2604 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:56:59:594 2604 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:56:59:610 2604 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:56:59:625 2604 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:56:59:656 2604 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:56:59:656 2604 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:56:59:672 2604 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:56:59:672 2604 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:56:59:688 2604 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:56:59:719 2604 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
14:56:59:750 2604 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:56:59:781 2604 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:56:59:828 2604 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
14:56:59:860 2604 mcdbus (180101e72bfc60c03800094d36d3eb29) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
14:56:59:891 2604 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:56:59:938 2604 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:56:59:953 2604 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:56:59:985 2604 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:57:00:031 2604 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:57:00:250 2604 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:57:00:453 2604 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:57:00:516 2604 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:57:00:610 2604 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:57:00:656 2604 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:57:00:719 2604 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:57:00:781 2604 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:57:00:906 2604 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:57:01:078 2604 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:57:01:156 2604 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:57:01:172 2604 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:57:01:188 2604 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:57:01:203 2604 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:57:01:219 2604 Ndisuio
(f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 14:57:01:235 2604 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 14:57:01:250 2604 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 14:57:01:313 2604 Netaapl (29c45722e20572b6440b57e3359e73ee) C:\WINDOWS\system32\DRIVERS\netaapl.sys 14:57:01:391 2604 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 14:57:01:422 2604 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 14:57:01:438 2604 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 14:57:01:469 2604 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 14:57:01:719 2604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 14:57:01:797 2604 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 14:57:01:828 2604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 14:57:01:875 2604 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 14:57:01:891 2604 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 14:57:01:891 2604 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 14:57:01:906 2604 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 14:57:01:938 2604 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 14:57:01:969 2604 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 14:57:01:985 2604 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 14:57:02:016 2604 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 14:57:02:031 2604 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 14:57:02:047 2604 RasAcd 
(fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 14:57:02:094 2604 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 14:57:02:110 2604 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 14:57:02:125 2604 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 14:57:02:141 2604 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 14:57:02:156 2604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 14:57:02:172 2604 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 14:57:02:203 2604 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 14:57:02:219 2604 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 14:57:02:250 2604 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys 14:57:02:281 2604 RSUSBSTOR (680a7aba84a7863c89b5440c9c1e0895) C:\WINDOWS\system32\Drivers\RTS5121.sys 14:57:02:328 2604 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 14:57:02:344 2604 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 14:57:02:360 2604 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 14:57:02:391 2604 SbieDrv (8767091e7b57c686b3f97754c30949be) C:\Program Files\Sandboxie\SbieDrv.sys 14:57:02:453 2604 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 14:57:02:485 2604 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 14:57:02:516 2604 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 14:57:02:531 2604 Shockprf (25846eed27d64192316563ac9726915e) C:\WINDOWS\system32\DRIVERS\Apsx86.sys 14:57:02:563 2604 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 
14:57:02:610 2604 smserial (5e62ba073c90e6c9d4ea199d6080f919) C:\WINDOWS\system32\DRIVERS\smserial.sys 14:57:02:641 2604 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys 14:57:02:672 2604 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 14:57:02:719 2604 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\System32\Drivers\sptd.sys 14:57:02:766 2604 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 14:57:02:797 2604 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 14:57:02:844 2604 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 14:57:02:875 2604 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys 14:57:02:891 2604 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 14:57:02:922 2604 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 14:57:02:938 2604 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 14:57:02:969 2604 SynTP (5fd4526c1ac93b5dd91cd97f92a3472e) C:\WINDOWS\system32\DRIVERS\SynTP.sys 14:57:03:000 2604 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 14:57:03:047 2604 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys 14:57:03:078 2604 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:57:03:125 2604 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 14:57:03:141 2604 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 14:57:03:156 2604 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 14:57:03:188 2604 TPDIGIMN (a9be745d60369658b4ef0ed2ef941a9e) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys 14:57:03:219 2604 tvtumon (42b8e407ccb5a435c2dbbf119cd7f2dc) C:\WINDOWS\system32\drivers\tvtumon.sys 14:57:03:250 2604 Udfs 
(5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 14:57:03:281 2604 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 14:57:03:313 2604 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys 14:57:03:344 2604 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:57:03:375 2604 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:57:03:391 2604 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:57:03:422 2604 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 14:57:03:453 2604 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 14:57:03:485 2604 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:57:03:500 2604 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 14:57:03:531 2604 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 14:57:03:531 2604 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 14:57:03:563 2604 uti3mtk2 (524d8d450622db4a7875b111c299a76b) C:\WINDOWS\system32\Drivers\uti3mtk2.sys 14:57:03:594 2604 VBoxNetAdp (d381cdadba1f3f6c02c9c07fa18ff1ea) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 14:57:03:641 2604 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 14:57:03:656 2604 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 14:57:03:672 2604 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:57:03:719 2604 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 14:57:03:766 2604 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 14:57:03:781 2604 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys 
14:57:03:797 2604 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 14:57:03:813 2604 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 14:57:03:844 2604 WSVD (5d0a08ebf9660e07865907fb1ab022b5) C:\WINDOWS\system32\drivers\WSVD.sys 14:57:03:860 2604 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 14:57:03:875 2604 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 14:57:03:875 2604 14:57:03:875 2604 Completed 14:57:03:875 2604 14:57:03:875 2604 Results: 14:57:03:875 2604 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 14:57:03:875 2604 File objects infected / cured / cured on reboot: 0 / 0 / 0 14:57:03:875 2604 14:57:03:875 2604 KLMD(ARK) unloaded successfully
  18. I have run a scan and nothing was found. No log file was created.
  19. First of all, thanks for your help. MBAM keeps blocking several IPs whenever I am on the internet; they are:

10:46:36 San IP-BLOCK 94.75.229.139
10:54:50 San IP-BLOCK 222.186.31.92
11:06:24 San IP-BLOCK 208.73.210.28

Attached are the logs you requested.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4248

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28-Jun-10 2:08:05 PM
mbam-log-2010-06-28 (14-08-05).txt

Scan type: Quick scan
Objects scanned: 137468
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86
Run by San at 14:15:19.42 on 28-Jun-10
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.955.340 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Windows\system32\TpShocks.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mobile Broadband Modem\Mobile Broadband Modem.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\San\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\san\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [TpShocks] c:\windows\system32\TpShocks.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [soundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} - hxxp://web.lead.com.sg/SchoolDNA/Common/saxfile.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
TCP: {78633375-A3EB-494F-8376-9A1C740715DB} = 203.116.1.78 203.116.254.150
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\san\applic~1\mozilla\firefox\profiles\2kkrgtnm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sg/ig
FF - component: c:\documents and settings\san\application data\mozilla\firefox\profiles\2kkrgtnm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\san\application data\mozilla\firefox\profiles\2kkrgtnm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\san\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-10-19 18960]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-20 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-10-4 1872320]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-20 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-20 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-20 60936]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-20 304464]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2008-10-19 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-10-19 47680]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2008-10-19 9472]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-12-9 102656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-20 20952]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-10-19 156160]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-5-24 1527900]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-8-26 17408]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 uti3mtk2;AVZ Kernel Driver;c:\windows\system32\drivers\uti3mtk2.sys [2010-6-23 7168]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-6-16 79888]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-10-19 81192]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-06-23 03:43:45 796 --sha-w- c:\windows\setup_9.0.0.722_23.06.2010_03-42drv.spi
2010-06-23 03:42:16 7168 ----a-w- c:\windows\system32\drivers\uti3mtk2.sys
2010-06-19 21:49:39 0 d-----w- c:\docume~1\san\applic~1\Avira
2010-06-19 21:46:07 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-19 21:46:06 0 d-----w- c:\program files\Avira
2010-06-19 21:46:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-06-19 21:17:42 20 ----a-w- c:\documents and settings\san\defogger_reenable
2010-06-19 21:15:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 21:15:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 21:15:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 21:09:25 0 d-----w- c:\docume~1\san\applic~1\QuickScan
2010-06-19 17:34:20 0 d-----w- c:\program files\StreamTorrent 1.0
2010-06-19 17:34:20 0 d-----w- c:\docume~1\san\applic~1\StreamTorrent
2010-06-19 05:21:35 0 d-sha-r- C:\cmdcons
2010-06-19 05:15:21 98816 ----a-w- c:\windows\sed.exe
2010-06-19 05:15:21 77312 ----a-w- c:\windows\MBR.exe
2010-06-19 05:15:21 256512 ----a-w- c:\windows\PEV.exe
2010-06-19 05:15:21 161792 ----a-w- c:\windows\SWREG.exe
2010-06-18 09:06:10 0 d-----w- c:\program files\AVG
2010-06-18 09:05:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-06-18 08:37:29 374 ----a-w- c:\windows\system32\.crusader
2010-06-18 08:23:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-18 08:23:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-18 08:14:42 0 d-----w- c:\documents and settings\san\.SunDownloadManager
2010-06-18 06:10:48 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-17 16:48:14 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-17 16:44:17 0 d-----w- c:\program files\Lavasoft
2010-06-17 09:23:27 0 d-----w- c:\program files\Sophos
2010-06-16 19:30:51 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-16 19:30:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-10 04:23:15 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-06-10 04:22:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 16:27:23 0 d-----w- c:\docume~1\san\applic~1\MechCAD
2010-06-06 04:59:10 0 d-----w- c:\docume~1\san\applic~1\Red Alert 3 Uprising
2010-05-31 09:33:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts

==================== Find3M ====================

2010-06-20 06:19:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-07 13:23:48 100620 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-11 06:15:05 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 14:45:09 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-04-28 14:45:09 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-30 16:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 16:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe

============= FINISH: 14:16:13.57 ===============

Attach.zip
  20. Any help? Here is an updated Avira scan log.

Avira AntiVir Personal
Report file date: Friday, June 25, 2010 00:36
Scanning for 2263470 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : San
Computer name : YENSAN
Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 19-Apr-10 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01-Apr-10 05:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01-Apr-10 05:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 07-Mar-10 11:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10-Feb-10 16:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06-Nov-09 02:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19-Nov-09 12:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20-Jan-10 10:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26-Jan-10 09:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05-Mar-10 04:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15-Apr-10 21:56:55
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02-Jun-10 21:57:09
VBASE007.VDF : 7.10.7.219 2048 Bytes 02-Jun-10 21:57:09
VBASE008.VDF : 7.10.7.220 2048 Bytes 02-Jun-10 21:57:09
VBASE009.VDF : 7.10.7.221 2048 Bytes 02-Jun-10 21:57:10
VBASE010.VDF : 7.10.7.222 2048 Bytes 02-Jun-10 21:57:10
VBASE011.VDF : 7.10.7.223 2048 Bytes 02-Jun-10 21:57:10
VBASE012.VDF : 7.10.7.224 2048 Bytes 02-Jun-10 21:57:10
VBASE013.VDF : 7.10.8.37 270336 Bytes 10-Jun-10 21:57:13
VBASE014.VDF : 7.10.8.69 138752 Bytes 14-Jun-10 21:57:14
VBASE015.VDF : 7.10.8.102 130560 Bytes 16-Jun-10 21:57:15
VBASE016.VDF : 7.10.8.135 152064 Bytes 21-Jun-10 06:09:36
VBASE017.VDF : 7.10.8.163 432128 Bytes 23-Jun-10 03:02:28
VBASE018.VDF : 7.10.8.164 2048 Bytes 23-Jun-10 03:02:29
VBASE019.VDF : 7.10.8.165 2048 Bytes 23-Jun-10 03:02:31
VBASE020.VDF : 7.10.8.166 2048 Bytes 23-Jun-10 03:02:32
VBASE021.VDF : 
7.10.8.167 2048 Bytes 23-Jun-10 03:02:32 VBASE022.VDF : 7.10.8.168 2048 Bytes 23-Jun-10 03:02:33 VBASE023.VDF : 7.10.8.169 2048 Bytes 23-Jun-10 03:02:33 VBASE024.VDF : 7.10.8.170 2048 Bytes 23-Jun-10 03:02:33 VBASE025.VDF : 7.10.8.171 2048 Bytes 23-Jun-10 03:02:34 VBASE026.VDF : 7.10.8.172 2048 Bytes 23-Jun-10 03:02:35 VBASE027.VDF : 7.10.8.173 2048 Bytes 23-Jun-10 03:02:35 VBASE028.VDF : 7.10.8.174 2048 Bytes 23-Jun-10 03:02:36 VBASE029.VDF : 7.10.8.175 2048 Bytes 23-Jun-10 03:02:36 VBASE030.VDF : 7.10.8.176 2048 Bytes 23-Jun-10 03:02:37 VBASE031.VDF : 7.10.8.180 24576 Bytes 23-Jun-10 03:02:38 Engineversion : 8.2.4.2 AEVDF.DLL : 8.1.2.0 106868 Bytes 19-Jun-10 21:57:45 AESCRIPT.DLL : 8.1.3.33 1356155 Bytes 24-Jun-10 03:03:50 AESCN.DLL : 8.1.6.1 127347 Bytes 19-Jun-10 21:57:39 AESBX.DLL : 8.1.3.1 254324 Bytes 19-Jun-10 21:57:46 AERDL.DLL : 8.1.4.6 541043 Bytes 19-Jun-10 21:57:38 AEPACK.DLL : 8.2.2.5 430453 Bytes 24-Jun-10 03:03:37 AEOFFICE.DLL : 8.1.1.0 201081 Bytes 19-Jun-10 21:57:36 AEHEUR.DLL : 8.1.1.38 2724214 Bytes 24-Jun-10 03:03:27 AEHELP.DLL : 8.1.11.6 242038 Bytes 24-Jun-10 03:02:49 AEGEN.DLL : 8.1.3.12 377204 Bytes 24-Jun-10 03:02:45 AEEMU.DLL : 8.1.2.0 393588 Bytes 19-Jun-10 21:57:23 AECORE.DLL : 8.1.15.3 192886 Bytes 19-Jun-10 21:57:22 AEBB.DLL : 8.1.1.0 53618 Bytes 19-Jun-10 21:57:21 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14-Jan-10 05:03:38 AVPREF.DLL : 10.0.0.0 44904 Bytes 14-Jan-10 05:03:35 AVREP.DLL : 10.0.0.8 62209 Bytes 18-Feb-10 09:47:40 AVREG.DLL : 10.0.3.0 53096 Bytes 01-Apr-10 05:35:46 AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01-Apr-10 05:39:51 AVARKT.DLL : 10.0.0.14 227176 Bytes 01-Apr-10 05:22:13 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26-Jan-10 02:53:30 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28-Jan-10 05:57:58 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16-Mar-10 08:38:56 NETNT.DLL : 10.0.0.0 11624 Bytes 19-Feb-10 07:41:00 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28-Jan-10 06:10:20 RCTEXT.DLL : 10.0.53.0 97128 Bytes 09-Apr-10 07:14:29 Configuration settings for the 
scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Friday, June 25, 2010 00:36 Starting search for hidden objects. HKEY_USERS\S-1-5-21-1292428093-1960408961-725345543-1003\Software\SecuROM\License information\datasecu [NOTE] The registry entry is invisible. HKEY_USERS\S-1-5-21-1292428093-1960408961-725345543-1003\Software\SecuROM\License information\rkeysecu [NOTE] The registry entry is invisible. HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\count [NOTE] The registry entry is invisible. HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\time [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible. c:\program files\internet explorer\iexplore.exe c:\Program Files\Internet Explorer\iexplore.exe [NOTE] The process is not visible. 
c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe c:\program files\internet explorer\iexplore.exe The scan of running processes will be started Scan process 'rsmsink.exe' - '29' Module(s) have been scanned Scan process 'IEXPLORE.EXE' - '81' Module(s) have been scanned Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'dllhost.exe' - '61' Module(s) have been scanned Scan process 'dllhost.exe' - '45' Module(s) have been scanned Scan process 
'vssvc.exe' - '48' Module(s) have been scanned Scan process 'avscan.exe' - '64' Module(s) have been scanned Scan process 'avcenter.exe' - '94' Module(s) have been scanned Scan process 'wlcomm.exe' - '71' Module(s) have been scanned Scan process 'iPodService.exe' - '30' Module(s) have been scanned Scan process 'ctfmon.exe' - '25' Module(s) have been scanned Scan process 'MsnMsgr.Exe' - '139' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned Scan process 'RTHDCPL.EXE' - '36' Module(s) have been scanned Scan process 'avgnt.exe' - '53' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '68' Module(s) have been scanned Scan process 'TpShocks.exe' - '19' Module(s) have been scanned Scan process 'Energy Management.exe' - '24' Module(s) have been scanned Scan process 'utility.exe' - '32' Module(s) have been scanned Scan process 'sm56hlpr.exe' - '25' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '26' Module(s) have been scanned Scan process 'Explorer.EXE' - '136' Module(s) have been scanned Scan process 'IEXPLORE.EXE' - '73' Module(s) have been scanned Scan process 'alg.exe' - '33' Module(s) have been scanned Scan process 'TPHDEXLG.exe' - '15' Module(s) have been scanned Scan process 'UpdateMonitor.exe' - '21' Module(s) have been scanned Scan process 'svchost.exe' - '42' Module(s) have been scanned Scan process 'SbieSvc.exe' - '26' Module(s) have been scanned Scan process 'NMSAccessU.exe' - '14' Module(s) have been scanned Scan process 'mbamservice.exe' - '41' Module(s) have been scanned Scan process 'jqs.exe' - '33' Module(s) have been scanned Scan process 'hsssrv.exe' - '42' Module(s) have been scanned Scan process 'avshadow.exe' - '26' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scanned Scan process 'avguard.exe' - '55' Module(s) have been scanned Scan process 'a2service.exe' - '28' 
Module(s) have been scanned Scan process 'smss.exe' - '45' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'sched.exe' - '43' Module(s) have been scanned Scan process 'spoolsv.exe' - '75' Module(s) have been scanned Scan process 'svchost.exe' - '47' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been scanned Scan process 'btwdins.exe' - '27' Module(s) have been scanned Scan process 'svchost.exe' - '165' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'services.exe' - '41' Module(s) have been scanned Scan process 'svchost.exe' - '53' Module(s) have been scanned Scan process 'lsass.exe' - '58' Module(s) have been scanned Scan process 'services.exe' - '27' Module(s) have been scanned Scan process 'winlogon.exe' - '83' Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '1803' files ). Starting the file scan: Begin scan in 'C:\' C:\Program Files\Songbird\Songbird-Uninstall.exe [WARNING] Insufficient memory. The file was not scanned. Begin scan in 'D:\' <YENSAN> End of the scan: Friday, June 25, 2010 01:55 Used time: 1:19:18 Hour(s) The scan has been done completely. 
12392 Scanned directories
448814 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
448814 Files not concerned
2644 Archives were scanned
1 Warnings
0 Notes
728499 Objects were scanned with rootkit scan
40 Hidden objects were found
  21. As indicated above, I need the expertise of the people here in finding out what is wrong with my laptop. My volume keeps muting itself recently and I have already reinstalled the drivers. Attached below are the scan files.

DDS (Ver_10-03-17.01) - NTFSx86
Run by San at 8:02:23.34 on 20-Jun-10
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.955.354 [GMT 8:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Windows\system32\TpShocks.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program 
Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\San\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://google.com uInternet Settings,ProxyOverride = *.local BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background uRun: [Google Update] "c:\documents and settings\san\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe mRun: [TpShocks] c:\windows\system32\TpShocks.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [soundMan] SOUNDMAN.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot mRun: [Malwarebytes' Anti-Malware] "c:\program 
files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} - hxxp://web.lead.com.sg/SchoolDNA/Common/saxfile.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - 
c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\san\applic~1\mozilla\firefox\profiles\2kkrgtnm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sg/ig FF - component: c:\documents and settings\san\application data\mozilla\firefox\profiles\2kkrgtnm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\documents and settings\san\application data\mozilla\firefox\profiles\2kkrgtnm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: c:\documents and settings\san\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program 
files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program 
files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-10-19 18960] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-20 11608] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632] R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-10-4 1872320] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir 
desktop\sched.exe [2010-6-20 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-20 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-20 60936] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-20 304464] R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2008-10-19 430080] R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-10-19 47680] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2008-10-19 9472] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-20 20952] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-10-19 156160] R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-5-24 1527900] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-12-9 102656] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-8-26 17408] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-6-16 79888] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?] 
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-10-19 81192] ============== File Associations =============== .txt= =============== Created Last 30 ================ 2010-06-19 21:49:39 0 d-----w- c:\docume~1\san\applic~1\Avira 2010-06-19 21:46:07 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-19 21:46:06 0 d-----w- c:\program files\Avira 2010-06-19 21:46:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-06-19 21:17:42 20 ----a-w- c:\documents and settings\san\defogger_reenable 2010-06-19 21:15:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-19 21:15:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-19 21:15:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-19 21:09:25 0 d-----w- c:\docume~1\san\applic~1\QuickScan 2010-06-19 17:34:20 0 d-----w- c:\program files\StreamTorrent 1.0 2010-06-19 17:34:20 0 d-----w- c:\docume~1\san\applic~1\StreamTorrent 2010-06-19 05:21:35 0 d-sha-r- C:\cmdcons 2010-06-19 05:15:21 98816 ----a-w- c:\windows\sed.exe 2010-06-19 05:15:21 77312 ----a-w- c:\windows\MBR.exe 2010-06-19 05:15:21 256512 ----a-w- c:\windows\PEV.exe 2010-06-19 05:15:21 161792 ----a-w- c:\windows\SWREG.exe 2010-06-18 09:06:10 0 d-----w- c:\program files\AVG 2010-06-18 09:05:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9 2010-06-18 08:37:29 698 ----a-w- c:\windows\system32\.crusader 2010-06-18 08:28:35 0 d-----w- c:\program files\Hitman Pro 3.5 2010-06-18 08:23:58 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-06-18 08:23:58 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-18 08:14:42 0 d-----w- c:\documents and settings\san\.SunDownloadManager 2010-06-18 06:10:48 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-06-17 16:48:14 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-17 16:44:17 0 d-----w- c:\program files\Lavasoft 2010-06-17 09:23:27 0 d-----w- c:\program files\Sophos 2010-06-17 04:05:15 0 d-----w- c:\program files\Spyware Doctor 2010-06-16 
19:30:51 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-06-16 19:30:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-06-10 04:23:15 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll 2010-06-10 04:22:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-09 16:27:23 0 d-----w- c:\docume~1\san\applic~1\MechCAD 2010-06-06 04:59:10 0 d-----w- c:\docume~1\san\applic~1\Red Alert 3 Uprising 2010-05-31 09:33:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts 2010-05-24 04:07:58 0 ----a-w- c:\windows\MusicEditor.INI 2010-05-23 06:28:45 0 d-----w- c:\docume~1\san\applic~1\Red Alert 3 2010-05-23 06:25:40 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2010-05-23 06:25:40 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2010-05-23 06:25:37 238936 ----a-w- c:\windows\system32\xactengine3_6.dll 2010-05-23 06:25:35 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2010-05-23 00:13:04 0 d-----w- c:\program files\SystemRequirementsLab 2010-05-22 20:26:42 0 d-----w- c:\docume~1\san\applic~1\uTorrent 2010-05-22 18:16:33 0 d-----w- c:\program files\vSoft ==================== Find3M ==================== 2010-06-19 22:14:40 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-06-07 13:23:48 100620 ---ha-w- c:\windows\system32\mlfcache.dat 2010-05-11 06:15:05 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-28 14:45:09 51716 ----a-w- c:\windows\system32\pdf995mon.dll 2010-04-28 14:45:09 249856 ----a-w- c:\windows\system32\pdfmona.dll 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll ============= FINISH: 8:03:11.54 =============== and here is the Anti-malware log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4216 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20-Jun-10 7:05:34 AM mbam-log-2010-06-20 
(07-05-34).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 261424
Time elapsed: 51 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
Attach.zip