Infected with... A million malware files...


  • This topic is locked
22 replies to this topic

#1 Stevie Dewar

  • Members
  • 13 posts
  • Gender:Male
  • Location:Milton Keynes

Posted 14 May 2010 - 08:19 AM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Stevie Dewar at 13:12:04.87 on 14/05/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2940.1596 [GMT 1:00]

SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Breakaway\breakaway.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Breakaway\breakaway.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Stevie Dewar\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Breakaway] "c:\program files\breakaway\breakaway.exe" force
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
StartupFolder: c:\users\stevie~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: line6.net
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-1 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-1 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-1 242896]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-3-1 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\common files\sony ericsson\emma core\services\EmmaDeviceMgmt.exe [2010-3-30 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\common files\sony ericsson\emma core\services\EmmaUpdateMgmt.exe [2010-3-30 162936]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-4-22 90112]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2009-8-6 116104]
R3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);c:\windows\system32\drivers\vaclcskd.sys [2009-12-5 50016]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-3-1 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-22 27632]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-3-1 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-1 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-4-22 13224]
S3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2010-2-18 532992]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-4-22 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-4-22 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-4-22 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-4-22 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-4-22 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-4-22 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-4-22 109864]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

=============== Created Last 30 ================

2010-05-14 12:10:58 0 ----a-w- c:\users\stevie dewar\defogger_reenable
2010-05-13 21:16:10 0 d-----w- c:\program files\CCleaner
2010-05-11 22:44:55 0 d-----w- c:\program files\Vuze_Remote
2010-05-11 22:41:34 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-30 13:59:50 0 d-----w- c:\program files\ASIO4ALL v2
2010-04-30 00:36:34 0 d-----w- c:\program files\DigiDesign
2010-04-27 23:05:15 0 d-----w- c:\program files\iPod
2010-04-27 23:02:09 0 d-----w- c:\program files\Bonjour
2010-04-27 20:42:28 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-27 20:42:26 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 20:42:26 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-22 20:26:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-04-22 20:26:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-04-22 20:04:49 0 d-----w- c:\program files\common files\Sony Ericsson
2010-04-22 20:04:44 0 d-----w- c:\programdata\Sun
2010-04-22 20:04:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-22 19:50:41 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-04-22 19:50:18 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-04-22 19:50:18 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-04-22 19:49:57 0 d-----w- c:\programdata\BVRP Software
2010-04-22 19:48:31 148736 ----a-w- c:\programdata\hpe8EF3.dll
2010-04-22 19:48:30 86824 ----a-w- c:\windows\system32\drivers\s1018bus.sys
2010-04-22 19:48:30 26024 ----a-w- c:\windows\system32\drivers\s1018nd5.sys
2010-04-22 19:48:30 15016 ----a-w- c:\windows\system32\drivers\s1018mdfl.sys
2010-04-22 19:48:30 12200 ----a-w- c:\windows\system32\drivers\s1018whnt.sys
2010-04-22 19:48:30 12200 ----a-w- c:\windows\system32\drivers\s1018wh.sys
2010-04-22 19:48:30 12200 ----a-w- c:\windows\system32\drivers\s1018cmnt.sys
2010-04-22 19:48:30 12200 ----a-w- c:\windows\system32\drivers\s1018cm.sys
2010-04-22 19:48:30 114728 ----a-w- c:\windows\system32\drivers\s1018mdm.sys
2010-04-22 19:48:30 109864 ----a-w- c:\windows\system32\drivers\s1018unic.sys
2010-04-22 19:48:30 10792 ----a-w- c:\windows\system32\drivers\s1018cr.sys
2010-04-22 19:48:30 106208 ----a-w- c:\windows\system32\drivers\s1018mgmt.sys
2010-04-22 19:48:30 104744 ----a-w- c:\windows\system32\drivers\s1018obex.sys
2010-04-22 19:48:24 0 d-----w- c:\programdata\Sony Ericsson
2010-04-22 19:48:24 0 d-----w- c:\program files\Sony Ericsson
2010-04-14 13:26:46 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 13:26:45 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 13:26:43 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 13:26:42 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 13:26:42 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 13:26:42 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 13:26:00 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 13:25:32 132608 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 10:28:05 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 01:50:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-03-17 01:00:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 01:00:30 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-01 15:01:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-01 15:01:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-18 03:07:50 167936 ----a-w- c:\windows\system32\l6tpux2.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:14:18.47 ===============


#2 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 14 May 2010 - 08:53 AM

Greetings Stevie Dewar and Welcome to the Forums,

Windows 7 is fairly difficult to infect. In your case however, using the file sharing software Vuze would most probably be the reason for your current issues. Additionally, the software "Spyware Terminator", depending on the version, would be a good suspect. You should uninstall it and install MalwareBytes anti-malware.

If you have problems with that link, you can also download it from Here or Here
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, manually download them from here
    and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected then click on the Scan button.
  • The scan will begin and "Scan in progress" will show at the top. Wait for the scan to complete and do nothing else with the computer during the scan.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Exit MBAM. Please remember to copy and paste the contents of that report in your next reply. We will have much more work to do in order to finish cleaning up that system.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Next, please click HERE to download CKScanner and save it to your Desktop. <- Important
  • Right-click CKScanner.exe and click Run as Administrator in the context menu.
  • Click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop.

Copy the contents and paste them in your next reply along with the scan results from the mbam scan as instructed above. Thanks!


Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 Stevie Dewar

  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male
  • Location:Milton Keynes

Posted 14 May 2010 - 09:06 AM

Cheers for the quick reply. I'm just going to run MBAM, as I already have it on here from being advised to put it on here.
I've removed Vuze now, but are you sure Spyware Terminator is a problem program? I have been running that for years now, as it was the top downloaded spyware defence on Download.com. Nonetheless, I'll remove it anyway.
My next post will have the report log from MBAM in it and the CKFiles document as well.

Thanks for your help
SD

#4 Stevie Dewar

  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male
  • Location:Milton Keynes

Posted 14 May 2010 - 09:24 AM

Right, just thought I'd let you know that I ran Malwarebytes Anti-Malware and I could see it was scanning the infected files, but the end result came up as "no infected files".
This is pathetic. Why won't it pick up the malware :S
I've now run CKScanner and I've attached the log file from that as well as the MBAM file...

Dunno what to do now


#5 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 14 May 2010 - 09:59 AM

Your log shows that you have some stolen software installed:
QUOTE
c:\users\stevie dewar\documents\ableton\library\presets\audio effects\vinyl distortion\crack.adv
c:\users\stevie dewar\downloads\azureus vuze\keygens and patches\ez drummer keygen.exe
c:\users\stevie dewar\downloads\azureus vuze\keygens and patches\fm2010_v10.1.0_pc_patch.exe
c:\users\stevie dewar\downloads\azureus vuze\keygens and patches\lame_enc.dll
c:\users\stevie dewar\downloads\azureus vuze\keygens and patches\reason keygen.exe
c:\users\stevie dewar\downloads\azureus vuze\keygens and patches\wireless key.txt
c:\users\stevie dewar\downloads\azureus vuze\keygens and patches\breakaway\breakaway.exe
c:\users\stevie dewar\downloads\azureus vuze\keygens and patches\breakaway\q.reg
c:\users\stevie dewar\downloads\azureus vuze\keygens and patches\breakaway\_readme!.txt
scanner sequence 3.CF.11

Since cracked software is considered illegal in almost every developed country on the planet, I doubt you will find anyone online who will be willing to help you with problems that resulted from installing it. Certainly you can understand the legal implications should one get involved with assisting in the cleanup or restoration of a system that has bootlegged some program(s).

The law has not yet been fully tested, so I for one don't want to find my name on anyone's radar listing.

Your best plan would be to reformat the hard disk and reinstall windows. You can read more Here about how to do that.

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#6 Stevie Dewar

  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male
  • Location:Milton Keynes

Posted 14 May 2010 - 10:28 AM

Those files are all old files that I had from my old laptop. I removed them as soon as the test came up showing those files, but I still have the problem on here.

They were nothing to do with the virus coming about either. It came about after I clicked on some group on Facebook.
Please help me with this, I'm desperate to get rid of the virus.

(PS: the file "wireless key.txt" is the passcode to the wireless at my college; the Breakaway files were actually bought from the Breakaway website, but I kept them in that folder as a backup; and the file under the Ableton list, "crack.adv", is a plugin for distortion on there, not an actual crack. As well as that, lame_enc.dll isn't a crack/keygen or patch either; it's a file I copied into there from Audacity so I could mix recorded tracks down to MP3. This is a file you can get anywhere on the internet for free. The others, admittedly, are cracks and I know they're not good, but as said, they are gone now.)

#7 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 15 May 2010 - 01:23 AM

Hello, Stevie Dewar.
My name is aommaster and I will be helping you with your log.

Before we begin, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for :)
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#8 Stevie Dewar

  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male
  • Location:Milton Keynes

Posted 15 May 2010 - 07:04 AM

Hi there aommaster. Thank you for your reply. I am just running the RSIT program and then I'll be running the GMER program to get the log.

*edit* For some reason, RSIT is coming up with a line error, number 2563, saying "error variable without being declared".

I haven't downloaded Hijackthis, would this be the problem?

#9 Stevie Dewar

  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male
  • Location:Milton Keynes

Posted 15 May 2010 - 08:00 AM

Right, I installed HJT and then ran it. I only clicked Scan on it, but then when I restarted my laptop, the icons in the system tray disappeared and won't come back, as if their registry or start-up entries have disappeared :S

#10 Stevie Dewar
  • Topic Starter

Posted 15 May 2010 - 01:13 PM

Anyone able to help me on this at all?

#11 aommaster
  • Malware Response Team

Posted 15 May 2010 - 01:40 PM

Hello, Stevie Dewar.
Please give me a while to respond to your replies. I will be helping you throughout the course of this fix. If I have not responded within 48 hours, please feel free to send me a PM.

Regarding your not being able to run RSIT, let's use a different scanner instead:
We need to run a DDS scan
  1. Please download DDS by sUBs from one of the following links. Save it to your desktop.
    Download 1
    Download 2
  2. Double click on the DDS icon, allow it to run
  3. A small box will open with an explanation about the tool. No input is needed; the scan is running.
  4. Notepad will open with the results, click no to the Optional Scan
  5. Follow the instructions that pop up for posting the results
  6. Close the program window
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

In your next reply, please include the following:
  • DDS Log



#12 Stevie Dewar
  • Topic Starter

Posted 15 May 2010 - 02:02 PM

Hi there mate,
I've attached the DDS report log to this post for you to look at.
Cheers!



DDS (Ver_10-03-17.01) - NTFSx86
Run by Stevie Dewar at 19:58:18.83 on 15/05/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2940.1651 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Breakaway\breakaway.exe
C:\Program Files\Breakaway\breakaway.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Stevie Dewar\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Breakaway] "c:\program files\breakaway\breakaway.exe" force
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\stevie~1\appdata\roaming\mozilla\firefox\profiles\qj6pyvk9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-15 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-15 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-15 242896]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-15 308064]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\common files\sony ericsson\emma core\services\EmmaDeviceMgmt.exe [2010-3-30 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\common files\sony ericsson\emma core\services\EmmaUpdateMgmt.exe [2010-3-30 162936]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-4-22 90112]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2009-8-6 116104]
R3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);c:\windows\system32\drivers\vaclcskd.sys [2009-12-5 50016]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-3-1 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-22 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-1 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-4-22 13224]
S3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2010-2-18 532992]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-4-22 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-4-22 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-4-22 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-4-22 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-4-22 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-4-22 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-4-22 109864]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-3-1 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]

=============== Created Last 30 ================

2010-05-15 12:53:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-15 12:53:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-15 12:53:25 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-15 12:53:21 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-15 12:49:57 0 d-----w- c:\programdata\avg9
2010-05-15 11:53:01 0 d-----w- c:\program files\trend micro
2010-05-14 12:10:58 0 ----a-w- c:\users\stevie dewar\defogger_reenable
2010-05-13 21:16:10 0 d-----w- c:\program files\CCleaner
2010-05-11 22:44:55 0 d-----w- c:\program files\Vuze_Remote
2010-05-11 22:41:34 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-30 13:59:50 0 d-----w- c:\program files\ASIO4ALL v2
2010-04-30 00:36:34 0 d-----w- c:\program files\DigiDesign
2010-04-27 23:05:15 0 d-----w- c:\program files\iPod
2010-04-27 23:02:09 0 d-----w- c:\program files\Bonjour
2010-04-27 20:42:28 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-27 20:42:26 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 20:42:26 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-22 20:26:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-04-22 20:26:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-04-22 20:04:49 0 d-----w- c:\program files\common files\Sony Ericsson
2010-04-22 20:04:44 0 d-----w- c:\programdata\Sun
2010-04-22 20:04:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-22 19:50:41 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-04-22 19:50:18 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-04-22 19:50:18 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-04-22 19:49:57 0 d-----w- c:\programdata\BVRP Software
2010-04-22 19:48:31 148736 ----a-w- c:\programdata\hpe8EF3.dll
2010-04-22 19:48:30 86824 ----a-w- c:\windows\system32\drivers\s1018bus.sys
2010-04-22 19:48:30 26024 ----a-w- c:\windows\system32\drivers\s1018nd5.sys
2010-04-22 19:48:30 15016 ----a-w- c:\windows\system32\drivers\s1018mdfl.sys
2010-04-22 19:48:30 12200 ----a-w- c:\windows\system32\drivers\s1018whnt.sys
2010-04-22 19:48:30 12200 ----a-w- c:\windows\system32\drivers\s1018wh.sys
2010-04-22 19:48:30 12200 ----a-w- c:\windows\system32\drivers\s1018cmnt.sys
2010-04-22 19:48:30 12200 ----a-w- c:\windows\system32\drivers\s1018cm.sys
2010-04-22 19:48:30 114728 ----a-w- c:\windows\system32\drivers\s1018mdm.sys
2010-04-22 19:48:30 109864 ----a-w- c:\windows\system32\drivers\s1018unic.sys
2010-04-22 19:48:30 10792 ----a-w- c:\windows\system32\drivers\s1018cr.sys
2010-04-22 19:48:30 106208 ----a-w- c:\windows\system32\drivers\s1018mgmt.sys
2010-04-22 19:48:30 104744 ----a-w- c:\windows\system32\drivers\s1018obex.sys
2010-04-22 19:48:24 0 d-----w- c:\programdata\Sony Ericsson
2010-04-22 19:48:24 0 d-----w- c:\program files\Sony Ericsson

==================== Find3M ====================

2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 01:50:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 15:01:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-01 15:01:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-18 03:07:50 167936 ----a-w- c:\windows\system32\l6tpux2.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:58:47.41 ===============

Attached Files

  • DDS.txt (17.88KB)

Edited by aommaster, 15 May 2010 - 02:06 PM.
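The DDS listing above (and the ComboFix listing later in the thread) is what the helper reads by eye. Here is an added Python example, not part of DDS, ComboFix or aommaster's instructions, that parses both tools' file-listing lines and flags the entries worth a first look: ComboFix's "Infected copy of ... was found" notice, hidden/system objects under user-writable paths, and executables dropped directly into c:\programdata, a profile root or a temp folder. The flagging heuristics and the one constructed temp-directory line are assumptions for illustration; the other sample lines are copied from the logs in this thread.

```python
"""Triage helper for DDS and ComboFix file listings.

Added example for this thread; it is not part of DDS, ComboFix or the helper's
procedure. It parses the "Created Last 30" / "Find3M" style lines both tools
print and flags the entries an analyst would look at first. The heuristics
below are assumptions chosen for illustration, not the tools' own logic.
"""
import re
from typing import Dict, Iterable, List, Optional

# One listing line from either tool. DDS prints a single timestamp with
# seconds; ComboFix prints "created . modified" without seconds. Both then
# give the size (dashes for a directory), an 8-char attribute field and the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r" (?P<size>\d+|-+)"
    r" (?P<attrs>[-a-z]{8})"
    r" (?P<path>.+)$"
)

# ComboFix's free-text notice for a system file it found patched and repaired.
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found", re.I)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".com", ".pif")

# Locations a standard user can write to. An executable sitting directly in
# one of these roots (no vendor sub-folder) or in a temp directory is unusual.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
LOOSE_ROOT_RE = re.compile(
    r"^(c:\\programdata|c:\\users\\[^\\]+(\\appdata\\(roaming|local))?)$"
)
TEMP_RE = re.compile(r"^c:\\(users\\[^\\]+\\appdata\\local\\temp|windows\\temp)\\")

# Hidden/system objects that appear in almost every listing and are benign.
BENIGN_NAMES = {"desktop.ini", "thumbs.db"}


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of a listing line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry: Dict[str, object] = dict(m.groupdict())
    attrs = m.group("attrs")
    entry["is_dir"] = attrs[0] == "d"
    entry["hidden"] = "h" in attrs
    entry["system"] = "s" in attrs
    return entry


def triage(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Walk raw log lines and return findings as {path, reason} dicts."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        infected = INFECTED_RE.match(raw.strip())
        if infected:
            findings.append({"path": infected.group("path"),
                             "reason": "tool reports a patched system file"})
            continue
        entry = parse_line(raw)
        if entry is None:
            continue
        path = str(entry["path"])
        low = path.lower()
        parent, _, name = low.rpartition("\\")
        is_exec = name.endswith(EXEC_EXT) and not entry["is_dir"]
        if ((entry["hidden"] or entry["system"]) and name not in BENIGN_NAMES
                and low.startswith(USER_WRITABLE_PREFIXES)):
            findings.append({"path": path,
                             "reason": "hidden/system object in a user-writable location"})
        if is_exec and LOOSE_ROOT_RE.match(parent):
            findings.append({"path": path,
                             "reason": "loose executable in a user-writable root"})
        if is_exec and TEMP_RE.match(low):
            findings.append({"path": path,
                             "reason": "executable in a temp directory"})
    return findings


# Lines copied from the DDS and ComboFix logs in this thread, plus one
# constructed line (the .exe under ...\Local\temp) so the temp rule has a hit.
SAMPLE_LOG = r"""
2010-05-15 12:53:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-22 19:48:31 148736 ----a-w- c:\programdata\hpe8EF3.dll
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2010-05-15 19:10 . 2010-05-15 19:10 -------- d-----w- C:\32788R22FWJFW
2010-04-09 12:51 . 2010-04-09 02:11 -------- d-sh--w- c:\users\Stevie Dewar\AppData\Roaming\lowsec
Infected copy of c:\windows\system32\drivers\vdrvroot.sys was found and disinfected
2010-05-15 19:30:00 51200 ----a-w- c:\users\Stevie Dewar\AppData\Local\temp\constructed_sample.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{f['reason']:<50} {f['path']}")
```

On the sample it reports hpe8EF3.dll (the file ComboFix deletes further down the thread), the hidden lowsec directory, the repaired vdrvroot.sys and the constructed temp executable, and stays silent on the AVG driver, ComboFix's own working directory and desktop.ini. A script like this is a reading aid, not a verdict: a hit means "look here first", and the helper still decides what is malicious and what to remove.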


#13 aommaster
  • Malware Response Team

Posted 15 May 2010 - 02:06 PM

Hello, Stevie Dewar.
I've edited your post to copy and paste the log in. In the future, please do the same, as it makes it easier for me to read the logs.

Let's begin.
P2P Program Warning!

Vuze

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall the programs listed above; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt



#14 Stevie Dewar
  • Topic Starter

Posted 15 May 2010 - 02:27 PM

Combofix.txt

ComboFix 10-05-15.01 - Stevie Dewar 15/05/2010 20:16:11.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2940.2038 [GMT 1:00]
Running from: c:\users\Stevie Dewar\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe8EF3.dll

Infected copy of c:\windows\system32\drivers\vdrvroot.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.

2010-05-15 19:23 . 2010-05-15 19:23 -------- d-----w- c:\users\Stevie Dewar\AppData\Local\temp
2010-05-15 19:10 . 2010-05-15 19:10 -------- d-----w- C:\32788R22FWJFW
2010-05-15 12:53 . 2010-05-15 12:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-15 12:53 . 2010-05-15 12:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-15 12:53 . 2010-05-15 12:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-15 12:53 . 2010-05-15 12:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-15 12:53 . 2010-05-15 12:53 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-15 12:49 . 2010-05-15 12:50 -------- d-----w- c:\programdata\avg9
2010-05-15 11:53 . 2010-05-15 18:26 -------- d-----w- c:\program files\trend micro
2010-05-15 11:53 . 2010-05-15 11:53 -------- d-----w- C:\rsit
2010-05-13 21:16 . 2010-05-13 21:16 -------- d-----w- c:\program files\CCleaner
2010-05-11 22:55 . 2010-05-11 22:55 182 ----a-w- c:\users\Stevie Dewar\AppData\Roaming\Azureus\restart.bat
2010-05-11 22:41 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-30 18:53 . 2010-04-30 18:53 655360 ----a-w- c:\users\Stevie Dewar\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-04-30 18:53 . 2010-04-30 18:53 282624 ----a-w- c:\users\Stevie Dewar\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-04-30 18:53 . 2010-04-30 18:53 208896 ----a-w- c:\users\Stevie Dewar\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-04-30 13:59 . 2010-04-30 13:59 -------- d-----w- c:\program files\ASIO4ALL v2
2010-04-30 09:54 . 2010-04-30 09:54 -------- d-----w- c:\windows\Sun
2010-04-30 00:36 . 2010-04-30 00:36 -------- d-----w- c:\program files\DigiDesign
2010-04-27 23:05 . 2010-04-27 23:05 -------- d-----w- c:\program files\iPod
2010-04-27 23:02 . 2010-04-27 23:02 -------- d-----w- c:\program files\Bonjour
2010-04-27 23:01 . 2010-04-27 23:01 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-27 20:42 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-27 20:42 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 20:42 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-22 20:28 . 2010-04-22 20:28 81016 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\62\1\.cp\lib\S1SLEngineWrapper.dll
2010-04-22 20:28 . 2010-04-22 20:28 1772664 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\30\1\.cp\lib\BHQ.dll
2010-04-22 20:28 . 2010-04-22 20:28 105592 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\50\1\.cp\lib\MemStickFlash.dll
2010-04-22 20:28 . 2010-04-22 20:28 105592 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\30\1\.cp\lib\BHQFlash.dll
2010-04-22 20:26 . 2010-04-22 20:26 101496 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\69\1\.cp\lib\USBFlash.dll
2010-04-22 20:05 . 2010-04-22 20:05 117880 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\DeviceManager.dll
2010-04-22 20:05 . 2010-04-22 20:05 109688 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\56\1\.cp\lib\osds.dll
2010-04-22 20:05 . 2010-04-22 20:05 93304 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\58\1\.cp\lib\OsTools.dll
2010-04-22 20:05 . 2010-04-22 20:05 57344 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\4\1\.cp\lib\serialio.dll
2010-04-22 20:05 . 2010-04-22 20:05 216184 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\60\1\.cp\lib\RegistryReader.dll
2010-04-22 20:04 . 2010-04-22 20:04 -------- d-----w- c:\program files\Common Files\Sony Ericsson
2010-04-22 20:04 . 2010-04-22 20:04 -------- d-----w- c:\program files\Common Files\Java
2010-04-22 20:04 . 2010-04-22 20:04 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-22 19:50 . 2010-04-22 19:50 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-04-22 19:50 . 2010-04-22 19:50 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-04-22 19:50 . 2010-04-22 19:50 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-04-22 19:49 . 2010-04-22 19:49 -------- d-----w- c:\programdata\BVRP Software
2010-04-22 19:49 . 2010-04-22 19:49 -------- d-----w- c:\users\Stevie Dewar\AppData\Local\Sony Ericsson
2010-04-21 19:20 . 2010-04-21 19:20 -------- d-----w- c:\users\Stevie Dewar\AppData\Local\Diagnostics

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 18:44 . 2010-03-06 19:53 -------- d-----w- c:\program files\Breakaway
2010-05-14 16:30 . 2010-03-01 14:46 -------- d-----w- c:\program files\Vuze
2010-05-13 21:17 . 2010-03-01 14:47 -------- d-----w- c:\users\Stevie Dewar\AppData\Roaming\Azureus
2010-05-13 20:32 . 2010-03-01 18:57 -------- d-----w- c:\users\Stevie Dewar\AppData\Roaming\Spotify
2010-05-12 01:35 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-11 22:35 . 2009-09-10 06:53 -------- d-----w- c:\programdata\Microsoft Help
2010-05-11 22:30 . 2010-04-09 04:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 01:01 . 2010-03-03 01:09 -------- d-----w- c:\program files\REAPER
2010-04-30 13:27 . 2010-03-03 00:55 -------- d-----w- c:\program files\VstPlugins
2010-04-30 13:27 . 2009-09-10 06:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 13:27 . 2010-03-03 01:25 -------- d-----w- c:\program files\IK Multimedia
2010-04-29 14:39 . 2010-04-09 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-04-09 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 10:17 . 2010-03-01 14:48 -------- d-----w- c:\program files\Paint.NET
2010-04-27 23:07 . 2010-03-01 14:39 -------- d-----w- c:\program files\iTunes
2010-04-27 23:05 . 2010-03-01 14:36 -------- d-----w- c:\program files\Common Files\Apple
2010-04-25 11:19 . 2010-03-03 01:10 -------- d-----w- c:\users\Stevie Dewar\AppData\Roaming\REAPER
2010-04-22 20:26 . 2010-04-22 20:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-04-22 20:26 . 2010-04-22 20:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-04-22 20:04 . 2010-04-22 19:48 -------- d-----w- c:\program files\Sony Ericsson
2010-04-22 20:04 . 2010-04-22 19:48 -------- d-----w- c:\programdata\Sony Ericsson
2010-04-10 22:00 . 2010-04-10 22:00 1923864 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-04-10 22:00 . 2010-04-10 22:00 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-09 12:51 . 2010-04-09 02:11 -------- d-sh--w- c:\users\Stevie Dewar\AppData\Roaming\lowsec
2010-04-09 05:00 . 2010-04-09 01:59 -------- d-----w- c:\users\Stevie Dewar\AppData\Roaming\Sports Interactive
2010-04-09 04:39 . 2010-04-09 04:39 -------- d-----w- c:\users\Stevie Dewar\AppData\Roaming\Malwarebytes
2010-04-09 04:39 . 2010-04-09 04:39 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 02:55 . 2010-04-09 02:55 -------- d-----w- c:\programdata\Alwil Software
2010-04-09 02:36 . 2010-04-09 02:36 111608 ----a-w- c:\users\Stevie Dewar\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-09 02:00 . 2010-04-09 02:00 -------- d-----w- c:\programdata\Sports Interactive
2010-04-09 01:51 . 2010-04-09 01:46 -------- d--h--w- c:\program files\Zero G Registry
2010-04-09 01:46 . 2010-04-09 01:46 -------- d-----w- c:\program files\Sports Interactive
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 13:46 . 2010-04-06 13:45 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-06 13:44 . 2010-04-06 13:44 -------- d-----w- c:\program files\QuickTime
2010-04-03 02:09 . 2010-04-03 01:49 -------- d-----w- c:\program files\Intel
2010-04-03 01:50 . 2010-04-03 01:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-04-03 01:49 . 2010-04-03 01:49 -------- d-----w- c:\program files\Synaptics
2010-04-03 01:49 . 2010-04-03 01:49 -------- d-----w- c:\program files\CONEXANT
2010-04-03 01:47 . 2009-09-10 07:00 -------- d-----w- c:\program files\Microsoft
2010-04-03 01:33 . 2010-03-01 18:35 -------- d-----w- c:\users\Stevie Dewar\AppData\Roaming\install
2010-03-28 09:52 . 2010-03-28 09:52 -------- d-----w- c:\programdata\Hewlett-Packard
2010-03-24 13:48 . 2009-09-10 06:40 -------- d-----w- c:\programdata\Partner
2010-03-24 01:52 . 2010-03-24 01:52 -------- d-----w- c:\programdata\FLEXnet
2010-03-24 01:52 . 2010-03-24 01:52 -------- d-----w- c:\users\Stevie Dewar\AppData\Roaming\com.adobe.ExMan
2010-03-24 01:50 . 2009-09-10 06:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-24 01:49 . 2010-03-24 01:49 -------- d-----w- c:\program files\Adobe Media Player
2010-03-24 01:45 . 2010-03-24 01:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-24 00:26 . 2010-03-01 15:02 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-24 00:26 . 2010-03-24 00:26 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-24 00:26 . 2010-03-24 00:26 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-24 00:26 . 2010-03-01 15:02 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-24 00:26 . 2010-03-01 15:02 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-24 00:26 . 2010-03-01 15:02 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-24 00:26 . 2010-03-01 15:01 -------- d-----w- c:\program files\Common Files\Real
2010-03-24 00:26 . 2010-03-01 15:01 -------- d-----w- c:\program files\Real
2010-03-24 00:25 . 2010-03-24 00:25 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-23 16:02 . 2010-03-01 14:38 -------- d-----w- c:\programdata\Apple Computer
2010-03-08 21:33 . 2010-04-14 13:26 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 12:42 . 2010-03-04 12:42 277536 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-03-03 01:14 . 2010-03-03 01:14 3128 ----a-r- c:\users\Stevie Dewar\AppData\Roaming\Microsoft\Installer\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}\ARPPRODUCTICON.exe
2010-03-03 01:02 . 2010-03-03 01:02 8854 ----a-r- c:\users\Stevie Dewar\AppData\Roaming\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\UNINST_Uninstall_Too_5866520C88574986833A039F4584C3F7.exe
2010-03-03 01:02 . 2010-03-03 01:02 3128 ----a-r- c:\users\Stevie Dewar\AppData\Roaming\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\ARPPRODUCTICON.exe
2010-03-03 01:02 . 2010-03-03 01:02 106496 ----a-r- c:\users\Stevie Dewar\AppData\Roaming\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\Toontrack_solo.exe1_5866520C88574986833A039F4584C3F7.exe
2010-03-03 01:02 . 2010-03-03 01:02 106496 ----a-r- c:\users\Stevie Dewar\AppData\Roaming\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\Toontrack_solo.exe_5866520C88574986833A039F4584C3F7.exe
2010-03-03 01:00 . 2010-03-03 01:00 3128 ----a-r- c:\users\Stevie Dewar\AppData\Roaming\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
2010-03-02 22:57 . 2010-03-02 22:57 279172 ----a-w- c:\programdata\eSellerate\eWebClient.dll
2010-03-01 18:58 . 2010-03-01 18:58 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWMP\unins000.exe
2010-03-01 18:58 . 2010-03-01 18:58 108 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat
2010-03-01 18:58 . 2010-03-01 18:58 683801 ----a-w- c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2010-03-01 15:02 . 2010-03-01 15:02 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-01 15:02 . 2010-03-01 15:02 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-01 15:01 . 2010-03-01 15:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-01 15:01 . 2010-03-01 15:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-01 14:20 . 2010-03-01 14:20 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8C8.tmp.exe
2010-02-27 12:07 . 2010-04-14 13:26 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-04-14 13:26 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-04-14 13:26 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 13:26 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 13:26 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-31 20:45 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-18 03:09 . 2010-02-18 03:09 1970176 ----a-w- c:\programdata\Line 6\L6TWXG\L6TWXG.dll
2010-02-18 03:08 . 2010-02-18 03:08 1532928 ----a-w- c:\programdata\Line 6\L6TWXG\data\twx\L6TWX.dll
2010-02-18 03:07 . 2010-02-18 03:07 532992 ----a-w- c:\windows\system32\drivers\L6TPortB.sys
2010-02-18 03:07 . 2010-02-18 03:07 167936 ----a-w- c:\windows\system32\l6tpux2.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Breakaway"="c:\program files\Breakaway\breakaway.exe" [2010-01-07 4885088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-04-22 13224]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\Drivers\L6TPortB.sys [2010-02-18 532992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-05-15 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-05-15 242896]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-15 308064]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-03-30 306296]
S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-03-30 162936]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);c:\windows\system32\DRIVERS\vaclcskd.sys [2009-12-05 50016]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-04-22 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 14:22]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 14:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
FF - ProfilePath - c:\users\Stevie Dewar\AppData\Roaming\Mozilla\Firefox\Profiles\qj6pyvk9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-15 20:25:35
ComboFix-quarantined-files.txt 2010-05-15 19:25

Pre-Run: 44,431,880,192 bytes free
Post-Run: 44,500,029,440 bytes free

- - End Of File - - EBFC5C0DBE70A736D174700A56CFE62D

Edited by Stevie Dewar, 15 May 2010 - 02:28 PM.


#15 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:04:31 PM

Posted 15 May 2010 - 02:30 PM

Hi!

Please post up a GMER log now along with a description of any problems you are having.

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

