kuttus said: Can you please try to run a scan with Farbar Recovery Scan Tool? You will need a USB (Flash) pendrive.
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Click on Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
Now Do the Search also.........
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by Administrator (administrator) on 26-06-2013 16:37:17
Running from J:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe [118784 2004-11-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SlipStream] "C:\Program Files\Accelerator\slipcore.exe" [339968 2007-11-14] (SlipStream Data Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [TaskTray] [x]
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0AQQAzAFoAOAA4AC0ANgBHAEIASgBLAC0ANgBSAFcARwBBAC0AQQBNAEgAOQBQAC0AVgBBAFkAVgBIAA"&"inst=NwA2AC0AMQAyADYANAAxADIANwA4ADcAOQAtAEIAMQA5AC0AUABMACsAOQAtAFUAOQAwACsAMQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0ARABEAFQAKwAwAC0AUwBUADkAMABBAFAAUAArADEALQBDAEkARAArADEALQBJAEEAVgBBACsANgA"&"prod=92"&"ver=9.0.914 [x]
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB [x]
HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP [x]
HKCU\...\Runonce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start [x]
HKCU\...\Runonce: [spchecker] "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe" [x]
HKU\Guest\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-13] (Microsoft Corporation)
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [ 2012-04-18] (Apple Inc.)
HKU\Guest\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]
HKU\Guest\...\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start [x]
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\_uninst_.lnk
ShortcutTarget: _uninst_.lnk -> C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_.bat ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
ShortcutTarget: Windows Desktop Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: (No Name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - No File
URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
SearchScopes: HKCU - DefaultScope value is missing.
BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll ()
BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll ()
BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL No File
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Accelerator\components\NOWImaging.dll (SlipStream Data Inc.)
BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\Accelerator\Prefetch.dll (SlipStream Data Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [294400 2007-02-05] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?CUI=UN38232825761350914&ctid=CT3281348&SearchSource=48
CHR RestoreOnStartup: "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?ui%3D2%26shva%3D1&ss=1&scc=1&ltmpl=default&ltmplcache=2#inbox", "https://www.google.com/webhp?hl=en&tab=mw", "hxxp://us.cnn.com/?refresh=1", "hxxp://malwaretips.com/blogs/remove-browser-redirect-virus/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Easy Auto Refresh) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc\2.8_0
CHR Extension: (Duolingo) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl\1.0.10_0
CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (WOT) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Calc SS3) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iicfbobganffbpdodmdcbcpblomkbeoa\0.9.98_0
CHR Extension: (WebMD) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbilgpfclhedobeklbolhgbfpimnoemg\1.0.0.0_0
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0
CHR Extension: (Quick Note) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.8_0
CHR Extension: (Ghostery) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0
CHR Extension: (FastestChrome - Browse Faster) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.1_0
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
========================== Services (Whitelisted) =================
S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [100032 2006-07-25] (Symantec Corporation)
S2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c987422b32f662; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-04] (Google Inc.)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [94208 2008-11-22] (Sony Corporation)
S3 Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [32768 2005-07-14] (Sony Corporation)
S2 IsaMonitor; C:\Program Files\Asistente Infinitum\IsaMonitor.exe [185856 2008-07-23] (Fine Point Technologies, Inc.)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2119360 2006-07-25] (Symantec Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S2 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] ()
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-09-08] (Sonic Solutions)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-07-02] (Intel Corporation )
S2 SonicStageMonitoring; C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [135168 2005-03-11] (Sony Corporation)
S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [153080 2013-04-19] (Sophos Limited)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2006-04-27] (Sony Corporation)
S2 SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 2006-05-08] (Sony Corporation)
S2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2008-05-03] ()
S2 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2005-11-25] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2084864 2006-06-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [770048 2006-05-18] (Sony Corporation)
S2 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-04-04] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [167936 2005-11-28] (Sony Corporation)
S2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2005-11-28] (Sony Corporation)
S3 WmcCds; c:\program files\windows media connect\mswmccds.exe [483328 2004-08-11] (Microsoft Corporation)
S3 WmcCdsLs; C:\Program Files\Windows Media Connect\mswmcls.exe [28160 2004-08-10] (Microsoft Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" [x]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
==================== Drivers (Whitelisted) ====================
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2006-09-01] (Meetinghouse Data Communications)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [106432 2010-06-09] (SlySoft, Inc.)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)
S1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [16512 2002-07-17] (Adaptec)
S3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cpuz135; C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [24328 2012-02-07] (CPUID)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2010-01-01] (Elaborate Bytes AG)
S2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [208256 2006-07-24] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [990592 2006-07-24] (Conexant Systems, Inc.)
S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [11264 2008-08-18] (Sony Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2005-02-24] (Meetinghouse Data Communications)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\Windows\System32\DRIVERS\NETw3x32.sys [1706752 2006-07-02] (Intel® Corporation)
S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
S3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)
S1 RapportCerberus_53984; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [317424 2013-06-23] ()
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [102680 2013-02-13] (Trusteer Ltd.)
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [173880 2013-02-13] (Trusteer Ltd.)
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [57328 2008-09-08] (Sonic Solutions)
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12544 2006-07-03] (Intel Corporation)
S3 SCT_SKMScan; C:\Windows\System32\drivers\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
R3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [48896 2000-11-09] (Sony Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-09] (Duplex Secure Ltd.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-15] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2008-01-30] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S2 thdudf; C:\Windows\System32\DRIVERS\thdudf.sys [66944 2010-06-21] (TOSHIBA Corporation)
S3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [226304 2006-02-21] (Texas Instruments)
S3 ubloxusb; C:\Windows\System32\DRIVERS\ubloxusb.sys [71424 2007-11-27] (u-blox AG)
S3 w300bus; C:\Windows\System32\DRIVERS\w300bus.sys [60800 2006-03-13] (MCCI)
S3 w300mdfl; C:\Windows\System32\DRIVERS\w300mdfl.sys [9264 2006-03-13] (MCCI)
S3 w300mdm; C:\Windows\System32\DRIVERS\w300mdm.sys [96352 2006-03-13] (MCCI)
S3 w300mgmt; C:\Windows\System32\DRIVERS\w300mgmt.sys [87824 2006-03-13] (MCCI)
S3 w300obex; C:\Windows\System32\DRIVERS\w300obex.sys [85696 2006-03-13] (MCCI)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [299424 2012-03-27] (Marvell)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [x]
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S3 Btcsrusb; System32\Drivers\btcusb.sys [x]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 FilterService; system32\DRIVERS\lvuvcflt.sys [x]
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S3 LVRS; system32\DRIVERS\lvrs.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [x]
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
2013-06-26 13:36 - 2013-06-26 13:36 - 00000000 ____D C:\FRST
2013-06-26 13:21 - 2013-06-26 13:21 - 00000000 ____D C:\Program Files\Driver-Soft
2013-06-25 20:57 - 2013-06-25 21:01 - 00000000 ____D C:\Windows\LastGood
2013-06-24 18:14 - 2013-06-25 21:00 - 00005079 ____A C:\Windows\setupapi.log
2013-06-24 13:52 - 2013-06-24 13:53 - 00001795 ____A C:\AdwCleaner[S3].txt
2013-06-23 09:56 - 2013-06-23 09:56 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-23 09:56 - 2013-06-23 09:56 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-23 09:56 - 2013-06-23 09:56 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-22 07:04 - 2013-06-22 07:41 - 00001128 ____A C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
2013-06-22 07:04 - 2013-06-22 07:41 - 00000000 ____D C:\Program Files\LastPass
2013-06-21 20:41 - 2013-06-21 20:43 - 00006954 ____A C:\AdwCleaner[S2].txt
2013-06-21 13:30 - 2013-06-21 13:41 - 00000000 ____D C:\pebuilder3110a
2013-06-20 18:39 - 2013-06-21 21:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-20 10:41 - 2013-06-20 10:41 - 00000000 ____D C:\RegBackup
2013-06-20 10:39 - 2013-06-20 10:39 - 00001812 ____A C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-06-20 10:39 - 2013-06-20 10:39 - 00000000 ____D C:\Program Files\Tweaking.com
2013-06-20 10:29 - 2013-06-20 10:29 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-20 10:29 - 2013-06-20 10:29 - 00007192 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1029.log
2013-06-20 10:13 - 2013-06-20 10:13 - 00006446 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1012.log
2013-06-20 09:47 - 2013-06-20 09:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-06-20 09:35 - 2013-06-20 09:37 - 00003422 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2013-06-20 09:16 - 2013-06-20 09:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-06-20 09:14 - 2013-06-20 09:14 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-20 09:13 - 2013-06-20 09:13 - 00000884 _RASH C:\Documents and Settings\Administrator\ntuser.pol
2013-06-20 09:13 - 2013-06-20 09:13 - 00000000 ____D C:\Windows\CSC
2013-06-19 11:28 - 2013-06-19 11:28 - 00000000 ____D C:\Program Files\ESET
2013-06-19 11:04 - 2013-06-19 11:04 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 11:03 - 2013-06-21 20:54 - 00000000 ____D C:\JRT
2013-06-19 10:36 - 2013-06-19 10:36 - 00000466 ____A C:\AdwCleaner[S1].txt
2013-06-19 10:31 - 2013-06-19 10:32 - 00012835 ____A C:\AdwCleaner[R1].txt
2013-06-19 10:02 - 2013-06-24 14:18 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-06-19 10:02 - 2013-06-19 10:02 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-19 10:01 - 2013-06-20 10:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-06-18 22:04 - 2013-06-19 09:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-18 21:57 - 2013-06-21 21:45 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-18 21:57 - 2013-06-21 21:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-18 21:57 - 2013-06-18 21:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-06-18 21:57 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-18 19:03 - 2013-06-18 19:03 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-06-17 18:18 - 2013-06-17 18:18 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-06-17 11:48 - 2012-10-12 16:34 - 00033096 ____A (Sophos Limited) C:\Windows\System32\Drivers\sct_skmscan.sys
2013-06-16 15:57 - 2013-06-16 15:57 - 00000053 ____A C:\Windows\System32\Console.log
2013-06-16 15:56 - 2013-06-16 15:56 - 00000000 ____D C:\Sophos
2013-06-16 15:55 - 2013-06-16 15:55 - 00000000 ____D C:\scss_10
2013-06-15 20:02 - 2006-03-15 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wamregps.dll
2013-06-15 20:01 - 2006-03-15 07:00 - 00019968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetsloc.dll
2013-06-15 20:01 - 2006-03-15 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetmgr.exe
2013-06-15 20:01 - 2001-08-17 14:56 - 00066048 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\s3legacy.dll
2013-06-15 20:00 - 2006-03-15 07:00 - 00169984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisui.dll
2013-06-15 20:00 - 2006-03-15 07:00 - 00094720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\certmap.ocx
2013-06-15 20:00 - 2006-03-15 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisreset.exe
2013-06-15 20:00 - 2006-03-15 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftpsapi2.dll
2013-06-15 20:00 - 2006-03-15 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisrstap.dll
2013-06-11 13:13 - 2013-06-11 13:18 - 00000000 ____D C:\Program Files\'Full Speed' Internet Booster
2013-06-11 13:13 - 2013-06-11 13:13 - 00000000 ____D C:\Windows\'Full Speed' Internet Booster
2013-06-09 09:00 - 2013-06-09 09:04 - 00000000 ____D C:\Program Files\PCPitstop
2013-06-09 09:00 - 2013-06-09 09:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop
2013-05-31 20:34 - 2013-05-31 20:34 - 00000000 ____D C:\Program Files\Axantum
2013-05-30 07:32 - 2013-05-30 07:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
2013-05-29 12:59 - 2013-05-31 09:12 - 00002253 ____N C:\Documents and Settings\All Users\Desktop\iSpy.lnk
2013-05-29 12:59 - 2013-05-29 12:59 - 00000000 ____D C:\Program Files\iSpy
==================== One Month Modified Files and Folders ========
2013-06-26 16:33 - 2006-09-01 17:22 - 00000062 _ASHC C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-26 16:33 - 2006-09-01 17:19 - 00000062 _ASHC C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-26 16:24 - 2011-12-12 21:22 - 00000384 ___AC C:\Windows\wiadebug.log
2013-06-26 16:24 - 2006-09-01 17:19 - 00032634 ____A C:\Windows\SchedLgU.Txt
2013-06-26 16:24 - 2006-09-01 17:19 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-06-26 16:23 - 2011-12-12 21:22 - 01611929 ___AC C:\Windows\WindowsUpdate.log
2013-06-26 15:29 - 2009-06-30 00:44 - 00000886 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-26 15:21 - 2011-12-18 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-26 13:36 - 2013-06-26 13:36 - 00000000 ____D C:\FRST
2013-06-26 13:21 - 2013-06-26 13:21 - 00000000 ____D C:\Program Files\Driver-Soft
2013-06-26 13:18 - 2008-12-19 14:25 - 00000868 ___AC C:\Windows\Tasks\Google Software Updater.job
2013-06-26 13:06 - 2011-11-27 18:06 - 00000580 __AHC C:\Windows\Tasks\DataUpload.job
2013-06-26 04:33 - 2012-10-17 11:50 - 00000472 ____A C:\Windows\Tasks\AVG PC Tuneup 2011 Integrator Scan and Repair.job
2013-06-26 04:28 - 2007-07-13 20:03 - 00000000 ____D C:\Windows\Minidump
2013-06-26 04:00 - 2012-03-07 16:18 - 00000448 ___AC C:\Windows\Tasks\SyncBack Nightly Local Backup.job
2013-06-26 03:01 - 2013-01-04 08:12 - 00000480 ___AC C:\Windows\Tasks\SyncBackFree Nightly Local Backup.job
2013-06-25 21:01 - 2013-06-25 20:57 - 00000000 ____D C:\Windows\LastGood
2013-06-25 21:00 - 2013-06-24 18:14 - 00005079 ____A C:\Windows\setupapi.log
2013-06-25 20:50 - 2006-09-01 17:11 - 00000000 ____D C:\Windows\Registration
2013-06-25 20:48 - 2011-12-12 21:22 - 00000049 ___AC C:\Windows\wiaservc.log
2013-06-25 20:48 - 2011-11-27 18:06 - 00000616 __AHC C:\Windows\Tasks\ConfigExec.job
2013-06-25 20:48 - 2009-06-30 00:44 - 00000882 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 20:47 - 2006-09-01 17:19 - 00000062 _ASHC C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-25 20:43 - 2006-09-01 17:22 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2013-06-25 10:57 - 2010-11-17 19:52 - 00000000 ____D C:\Program Files\Asistente Infinitum
2013-06-25 10:57 - 2007-12-04 14:12 - 00000000 ____D C:\Program Files\Asistente Prodigy
2013-06-24 14:18 - 2013-06-19 10:02 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-06-24 13:54 - 2011-11-27 17:06 - 00196608 ____A C:\Windows\System32\config\WindowsPowerShell.evt
2013-06-24 13:53 - 2013-06-24 13:52 - 00001795 ____A C:\AdwCleaner[S3].txt
2013-06-23 09:56 - 2013-06-23 09:56 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-23 09:56 - 2013-06-23 09:56 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-23 09:56 - 2013-06-23 09:56 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-23 09:56 - 2012-07-16 20:57 - 00867240 ___AC (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-06-23 09:56 - 2010-06-12 07:30 - 00789416 ___AC (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-23 09:56 - 2006-09-01 18:33 - 00000000 ____D C:\Program Files\Java
2013-06-22 07:41 - 2013-06-22 07:04 - 00001128 ____A C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
2013-06-22 07:41 - 2013-06-22 07:04 - 00000000 ____D C:\Program Files\LastPass
2013-06-21 21:45 - 2013-06-18 21:57 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-21 21:45 - 2013-06-18 21:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-21 21:42 - 2013-06-20 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-21 20:54 - 2013-06-19 11:03 - 00000000 ____D C:\JRT
2013-06-21 20:43 - 2013-06-21 20:41 - 00006954 ____A C:\AdwCleaner[S2].txt
2013-06-21 16:11 - 2007-07-19 15:50 - 00035504 ____A C:\StarBurn.log
2013-06-21 13:41 - 2013-06-21 13:30 - 00000000 ____D C:\pebuilder3110a
2013-06-20 21:25 - 2006-09-01 10:03 - 00632740 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-06-20 11:19 - 2006-09-15 13:45 - 00148056 ___AC C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-20 11:17 - 2006-09-01 10:02 - 03828440 ___AC C:\Windows\System32\FNTCACHE.DAT
2013-06-20 11:07 - 2006-09-01 17:15 - 00023392 ____A C:\Windows\System32\nscompat.tlb
2013-06-20 11:07 - 2006-09-01 17:15 - 00016832 ____A C:\Windows\System32\amcompat.tlb
2013-06-20 10:41 - 2013-06-20 10:41 - 00000000 ____D C:\RegBackup
2013-06-20 10:39 - 2013-06-20 10:39 - 00001812 ____A C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-06-20 10:39 - 2013-06-20 10:39 - 00000000 ____D C:\Program Files\Tweaking.com
2013-06-20 10:29 - 2013-06-20 10:29 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-20 10:29 - 2013-06-20 10:29 - 00007192 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1029.log
2013-06-20 10:29 - 2013-06-19 10:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-06-20 10:13 - 2013-06-20 10:13 - 00006446 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1012.log
2013-06-20 09:47 - 2013-06-20 09:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-06-20 09:37 - 2013-06-20 09:35 - 00003422 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2013-06-20 09:21 - 2008-07-18 22:40 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-06-20 09:16 - 2013-06-20 09:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-06-20 09:14 - 2013-06-20 09:14 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-20 09:13 - 2013-06-20 09:13 - 00000884 _RASH C:\Documents and Settings\Administrator\ntuser.pol
2013-06-20 09:13 - 2013-06-20 09:13 - 00000000 ____D C:\Windows\CSC
2013-06-19 13:38 - 2009-02-04 22:35 - 00001813 ___AC C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-06-19 11:28 - 2013-06-19 11:28 - 00000000 ____D C:\Program Files\ESET
2013-06-19 11:04 - 2013-06-19 11:04 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 10:48 - 2009-01-02 17:42 - 00000000 ____D C:\Program Files\dvdSanta
2013-06-19 10:36 - 2013-06-19 10:36 - 00000466 ____A C:\AdwCleaner[S1].txt
2013-06-19 10:32 - 2013-06-19 10:31 - 00012835 ____A C:\AdwCleaner[R1].txt
2013-06-19 10:02 - 2013-06-19 10:02 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-19 09:17 - 2013-06-18 22:04 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-19 07:01 - 2007-08-07 20:49 - 00000000 ____D C:\Windows\pss
2013-06-18 21:57 - 2013-06-18 21:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-06-18 19:28 - 2012-10-10 08:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-18 19:03 - 2013-06-18 19:03 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-06-18 19:00 - 2010-10-23 17:42 - 00000000 ___HD C:\$AVG
2013-06-18 18:03 - 2008-05-20 15:54 - 00000000 ____D C:\Program Files\AVG
2013-06-18 09:01 - 2011-12-19 22:04 - 00000284 ___AC C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-06-17 18:18 - 2013-06-17 18:18 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-06-16 15:59 - 2013-03-30 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-06-16 15:57 - 2013-06-16 15:57 - 00000053 ____A C:\Windows\System32\Console.log
2013-06-16 15:56 - 2013-06-16 15:56 - 00000000 ____D C:\Sophos
2013-06-16 15:55 - 2013-06-16 15:55 - 00000000 ____D C:\scss_10
2013-06-15 20:21 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\repair
2013-06-14 19:50 - 2012-10-18 08:57 - 00000406 __RSH C:\Documents and Settings\All Users\ntuser.pol
2013-06-14 11:36 - 2009-11-12 19:43 - 00000000 ____D C:\Program Files\Unlocker
2013-06-14 11:36 - 2006-09-01 18:54 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2013-06-14 11:34 - 2007-07-16 18:35 - 00000000 ____D C:\Games
2013-06-14 10:56 - 2006-09-01 16:55 - 00000736 ____A C:\Windows\System32\Drivers\etc\hosts_bak_264
2013-06-14 08:00 - 2012-10-10 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2013-06-12 11:32 - 2007-08-25 20:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-06-12 11:16 - 2007-04-28 20:57 - 73381792 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 11:15 - 2009-06-24 09:18 - 00000000 ____D C:\Windows\ie8updates
2013-06-11 13:18 - 2013-06-11 13:13 - 00000000 ____D C:\Program Files\'Full Speed' Internet Booster
2013-06-11 13:13 - 2013-06-11 13:13 - 00000000 ____D C:\Windows\'Full Speed' Internet Booster
2013-06-11 10:24 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\Media
2013-06-11 10:24 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\Cursors
2013-06-11 10:23 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\System32\inetsrv
2013-06-10 23:11 - 2007-12-24 22:25 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-10 23:08 - 2011-01-27 09:49 - 00000000 ____D C:\Program Files\DVDFab 8
2013-06-10 23:06 - 2009-04-18 20:43 - 00000000 ____D C:\Program Files\NCH Software
2013-06-10 22:59 - 2008-11-29 17:07 - 00000000 ____D C:\Program Files\AC3Filter
2013-06-10 22:55 - 2011-11-25 11:23 - 00000496 ____C C:\Windows\WININIT.INI
2013-06-10 22:55 - 2006-09-01 17:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-10 22:52 - 2008-11-29 17:06 - 00000000 ____D C:\Program Files\DivX
2013-06-10 22:51 - 2009-04-07 22:00 - 00000000 ____D C:\Program Files\Rising Research
2013-06-10 22:51 - 2007-08-02 21:31 - 00000000 ____D C:\Program Files\Smissie Game Pack
2013-06-10 22:49 - 2008-11-29 17:07 - 00000000 ____D C:\Program Files\Morgan
2013-06-10 22:45 - 2007-04-20 10:51 - 00000000 ____D C:\Program Files\Common Files\Teleca Shared
2013-06-09 09:04 - 2013-06-09 09:00 - 00000000 ____D C:\Program Files\PCPitstop
2013-06-09 09:01 - 2013-06-09 09:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop
2013-06-04 20:33 - 2006-09-01 17:10 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-02 07:41 - 2011-07-17 20:16 - 00109660 ___HC C:\Windows\System32\mlfcache.dat
2013-06-01 13:03 - 2007-09-02 17:02 - 00000000 ____D C:\Program Files\WinRAR
2013-05-31 20:34 - 2013-05-31 20:34 - 00000000 ____D C:\Program Files\Axantum
2013-05-31 12:29 - 2012-03-07 17:59 - 00001018 ____N C:\Documents and Settings\All Users\Desktop\Advanced File Security 4.lnk
2013-05-31 12:29 - 2012-03-07 17:59 - 00001013 ____N C:\Documents and Settings\All Users\Desktop\Windows sicher beenden.lnk
2013-05-31 12:29 - 2012-03-07 17:59 - 00001013 ____N C:\Documents and Settings\All Users\Desktop\Secure Windows Shutdown.lnk
2013-05-31 09:12 - 2013-05-29 12:59 - 00002253 ____N C:\Documents and Settings\All Users\Desktop\iSpy.lnk
2013-05-30 08:29 - 2007-12-24 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-05-30 07:38 - 2007-12-24 22:02 - 00000000 ____D C:\Program Files\Adobe
2013-05-30 07:32 - 2013-05-30 07:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
2013-05-30 07:29 - 2007-12-24 21:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-29 22:52 - 2006-09-01 16:55 - 00001158 ____C C:\Windows\System32\wpa.dbl
2013-05-29 12:59 - 2013-05-29 12:59 - 00000000 ____D C:\Program Files\iSpy
2013-05-29 12:51 - 2008-06-19 15:50 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-29 12:36 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\System32\mui
2013-05-27 16:11 - 2009-04-09 18:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================