Alureon.FP and Sirefef.J Viruses and Firewall Issues

Post by SnoopJre » March 27th, 2012, 12:22 pm

Hello,
I am reposting this thread as I did not respond in time.
I have Windows 7 on a Sony Vaio laptop and am using Microsoft Security Essentials. I came across this site because I was following the steps from a Malware Removal Guide (http://www.selectrealsecurity.com/malware-removal-guide). The first time I ran TDSSKiller, it found and removed something, and prompted me to reboot. Upon reboot my PC was not able to load Windows, so it went into recovery mode, which didn't work, and the only way to load Windows was to go to a restore point from earlier in the day. Once I did a system restore, I ran MSE, which found Alureon.FP and Sirefef.J. I removed them with MSE. I was not prompted to reboot, so I ran TDSSKiller again. This time it found nothing. At this point, MSE popped up and said I had Sirefef.B, so I removed it, and was prompted to reboot. Upon reboot, I was not able to load Windows again and had to do another system restore in order to get into Windows.

I have run MSE and deleted the viruses, only to have MSE say I still have them a few minutes later. I have also tried running Malwarebytes Anti-Malware and SUPERAntiSpyware; both seem to clean my computer, but I am still not able to load Windows upon reboot and have to do a system restore. I seem to be in this vicious circle where I clean my computer, reboot and am not able to load Windows, so I restore to a point with the viruses intact.

Another thing I have noticed is my firewall is not working properly: when I click on "Use recommended settings" I get Error Code 0x80070424. I am not sure what to do at this point and any help is greatly appreciated. I was asked to run CKScanner and have included that data. Thanks again!

DDS.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Cliff at 11:03:20 on 2012-03-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3950.2121 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\svcs.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe
C:\Users\Cliff\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Cliff\AppData\Local\Radvision\Conference Client\7.15.000.32\cucore.exe
C:\Users\Cliff\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Cliff\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [Facebook Update] "C:\Users\Cliff\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Akamai NetSession Interface] "C:\Users\Cliff\AppData\Local\Akamai\netsession_win.exe"
uRun: [CUCore Agent] "C:\Users\Cliff\AppData\Local\Radvision\Conference Client\7.15.000.32\ConfAgent.exe" /minimize
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Download] "C:\Users\Cliff\AppData\Local\SupportSoft\ddoctorv2\Cliff\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
StartupFolder: C:\Users\Cliff\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Cliff\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableVirtualization = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\2416C6C627F6F6D6 : DhcpNameServer = 192.168.4.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\4497E65687 : DhcpNameServer = 192.168.2.1 64.233.207.8 64.233.207.9
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\561676C65677F6F64636F6E666 : DhcpNameServer = 12.127.16.67 12.127.17.71 4.2.2.2
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\86F6473707F64713 : DhcpNameServer = 192.168.4.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO-X64: Updater For XFIN_PORTAL - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun-x64: [(Default)]
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun-x64: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\h0he9zpi.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\h0he9zpi.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}\components\dtTransparency.dll
FF - component: C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\h0he9zpi.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}\components\dtTransparency.dll
FF - component: C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\h0he9zpi.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}\components\dtTransparency3.5.dll
FF - component: C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\h0he9zpi.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}\components\dtTransparency3.6.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cliff\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Cliff\AppData\Local\Radvision\Installer\1.5.0.1\npClientInstMgr.dll
FF - plugin: C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\h0he9zpi.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 Ext2Fsd;Linux ext2 file system driver;C:\Windows\system32\drivers\Ext2Fsd.sys --> C:\Windows\system32\drivers\Ext2Fsd.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 6077757b;6077757b;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 NetworkLog;NetworkLog;C:\Windows\svcs.exe [2012-3-13 583528]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-1-11 82944]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-9-23 104960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-23 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-9-23 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 nsigprao;nsigprao;\??\C:\Windows\system32\drivers\nsigprao.sys --> C:\Windows\system32\drivers\nsigprao.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-23 136176]
S2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
S3 bcm;WiMAX Network Adapter;C:\Windows\system32\DRIVERS\drxvi314_64.sys --> C:\Windows\system32\DRIVERS\drxvi314_64.sys [?]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys [?]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-12-15 124224]
S3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;C:\Windows\system32\DRIVERS\DIFMBUS.sys --> C:\Windows\system32\DRIVERS\DIFMBUS.sys [?]
S3 DIFMCVsp;Franklin EVDO USB Modem CM Port;C:\Windows\system32\DRIVERS\DIFMCVsp.sys --> C:\Windows\system32\DRIVERS\DIFMCVsp.sys [?]
S3 DIFMMdm;Franklin EVDO USB Modem;C:\Windows\system32\DRIVERS\DIFMMdm.sys --> C:\Windows\system32\DRIVERS\DIFMMdm.sys [?]
S3 DIFMNET;Franklin EVDO USB Modem Network Adapter;C:\Windows\system32\DRIVERS\DIFMNET.sys --> C:\Windows\system32\DRIVERS\DIFMNET.sys [?]
S3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;C:\Windows\system32\DRIVERS\DIFMNVsp.sys --> C:\Windows\system32\DRIVERS\DIFMNVsp.sys [?]
S3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;C:\Windows\system32\DRIVERS\DIFMVsp.sys --> C:\Windows\system32\DRIVERS\DIFMVsp.sys [?]
S3 EMVSCARD;EMVSCARD;C:\Windows\system32\Drivers\EMVSCARD.sys --> C:\Windows\system32\Drivers\EMVSCARD.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-23 136176]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 ser2at;ATEN USB to Serial port driver;C:\Windows\system32\DRIVERS\ser2at64.sys --> C:\Windows\system32\DRIVERS\ser2at64.sys [?]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TridVid;USB TV Tuner;C:\Windows\system32\DRIVERS\tridvid6010.sys --> C:\Windows\system32\DRIVERS\tridvid6010.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2010-12-1 257936]
SUnknown mtqhkgoa;mtqhkgoa; [x]
SUnknown qhpiumga;qhpiumga; [x]
.
=============== Created Last 30 ================
.
2012-03-27 15:53:15 50000 ----a-w- C:\Windows\System32\drivers\nsigprao.sys
2012-03-27 15:52:12 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5623C47-8219-4E4F-B632-7C2732684BFF}\offreg.dll
2012-03-27 15:41:34 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5623C47-8219-4E4F-B632-7C2732684BFF}\mpengine.dll
2012-03-14 15:17:28 48464 ----a-w- C:\Windows\System32\drivers\niivsifm.sys
2012-03-14 15:17:07 48464 ----a-w- C:\Windows\System32\drivers\wumrsehc.sys
2012-03-13 16:10:16 583528 ----a-w- C:\Windows\svcs.exe
2012-03-13 14:04:13 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-13 13:53:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-10 11:43:36 48464 ----a-w- C:\Windows\System32\drivers\slbstzjz.sys
.
==================== Find3M ====================
.
2012-02-01 18:02:56 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-23 03:26:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2010-04-11 21:52:48 1826816 ----a-w- C:\Program Files (x86)\Uninstall6.exe
.
============= FINISH: 11:04:44.20 ===============

Attach.txt log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/11/2010 4:24:46 PM
System Uptime: 3/27/2012 10:51:21 AM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | N/A | 2534/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 203.485 GiB free.
E: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: regi
Device ID: ROOT\LEGACY_REGI\0000
Manufacturer:
Name: regi
PNP Device ID: ROOT\LEGACY_REGI\0000
Service: regi
.
==== System Restore Points ===================
.
RP389: 3/15/2012 10:06:13 PM - Windows Update
RP390: 3/17/2012 11:30:35 AM - Windows Update
RP391: 3/18/2012 12:39:36 PM - Windows Update
RP392: 3/18/2012 8:13:03 PM - Windows Update
RP393: 3/19/2012 12:23:15 PM - Windows Update
RP394: 3/21/2012 10:16:24 PM - Windows Update
RP395: 3/24/2012 12:21:41 PM - Windows Update
RP396: 3/25/2012 1:58:51 PM - Windows Update
RP397: 3/27/2012 10:41:14 AM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Assistant
Adobe Dreamweaver CS3
Adobe Dreamweaver CS5.5
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5.5
Adobe Help Viewer CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS5.1
Adobe Reader 9.4.7
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Widget Browser
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
BrightAuthor
BrightAuthorInstaller2.3Branch
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Comcast Desktop Software (v1.2.0.9)
Corel WinDVD
Crestron D3Pro Templates 2.02.009.00
Crestron D3Pro v2.08
Crestron Database 23.05.010.01
Crestron Device Database31.05.005.00
Crestron Digital Media Tools v3.00
Crestron DVPHDTool 2.01.004.23
Crestron iLuxDesigner v2.00.01.02
Crestron MasterInstaller
Crestron Procise Tools 1.00.33.23
Crestron ProdigyTools 1.00.016.23
Crestron ProSoundTools 2.00.18.23
Crestron SystemBuilder Base Templates 3.10.005.00 (Black-Blue)
Crestron SystemBuilder Theme 3.10.005.00 (Destiny:Frosted Glass
Crestron SystemBuilder Theme v3.10.005.00 (Black-Green)
Crestron Toolbox 1.23.058.05
Crestron VisionTools Pro-e 4.2.12.01
D-Nav Controls
D3DX10
DEAL for Windows
Definition update for Microsoft Office 2010 (KB982726)
Desktop Doctor
Dropbox
Engraver v5.03
Evernote
Facebook Video Calling 1.2.0.159
FileZilla Client 3.5.0
Gentner AP-Ware
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HEXwrite
HP Color LaserJet CP4520-CP4020 Series Screen Fonts
HP Color LaserJet CP4520-CP4020 Series User Guide
HyperTerminal Private Edition v7.0
ImageMixer 3 SE Ver.6 Transfer Utility
ImageMixer 3 SE Ver.6 Video Tools
InstallVC90Support
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Just BASIC v1.01
Logitech Harmony Remote Software
Malwarebytes Anti-Malware version 1.60.0.1800
Media Gallery
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visio Viewer 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
OOBE
PCMag.com Top 100 Web Sites as IE Favorites
PDF Settings CS5
PL-2303 USB-to-Serial
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
PPspliT
QuickTime
QuickTime Alternative 3.2.2
RADVISION Conference Client
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Remote Keyboard with PlayStation 3
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SIMPL Windows v2.12
SIMPL+ Cross Compiler
Skype™ 5.3
SmartWi Connection Utility
SMI Grabber Device
SystemBuilder v3.09
Touchpanel Graphics v1.00
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition plug-in (Click to Disc)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
VAIO Care
VAIO Care Update
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story Template Data
VAIO Quick Web Access
VAIO Sample Contents
VAIO Survey
VAIO Transfer Support
VAIO Update
Viewport v3.99.01
VLC media player 1.1.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/27/2012 10:53:51 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/27/2012 10:52:13 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/27/2012 10:51:54 AM, Error: Service Control Manager [7000] - The regi service failed to start due to the following error: The system cannot find the file specified.
3/27/2012 10:51:53 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/27/2012 10:51:50 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/27/2012 10:51:49 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/27/2012 10:41:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/27/2012 10:31:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/25/2012 2:35:01 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
3/25/2012 1:59:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/24/2012 12:22:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/23/2012 8:35:11 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/23/2012 8:34:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/23/2012 10:16:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.62.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/23/2012 10:06:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/22/2012 8:41:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/22/2012 8:37:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/21/2012 8:41:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/21/2012 10:17:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/21/2012 10:04:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/20/2012 9:36:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.314.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/20/2012 9:36:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.314.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/20/2012 9:36:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.314.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/20/2012 9:36:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.314.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/20/2012 9:36:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.314.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/20/2012 9:36:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.314.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.6502.0&avdelta=1.97.314.0&asdelta=1.97.314.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/20/2012 9:36:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.314.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.6502.0&avdelta=1.97.314.0&asdelta=1.97.314.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/20/2012 9:36:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.314.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.6502.0&avdelta=1.97.314.0&asdelta=1.97.314.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/20/2012 9:36:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.314.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.6502.0&avdelta=1.97.314.0&asdelta=1.97.314.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/20/2012 9:27:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/20/2012 10:41:51 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/20/2012 10:18:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

CKSkanner ckfiles.txt log:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\adobe\adobe dreamweaver cs5.5\configuration\taglibraries\html\keygen.vtm
c:\users\cliff\desktop\music\carole peterson\sticky bubble gum\06 jimmy crack corn.m4a
scanner sequence 3.AA.11.KFAPAX
----- EOF -----
SnoopJre
Active Member
Posts: 11
Joined: March 13th, 2012, 5:19 pm

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby Gary R » March 29th, 2012, 9:41 am

Looking over your logs, back soon.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby Gary R » March 29th, 2012, 9:49 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi SnoopJre

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Looks like you've still got an Alureon infection on your computer. At this point it's not possible to say whether it's fully active or just remnants. We'll need to run some checks to see what turns up.

First

  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it
  • Click the SCAN button to start the scan.
  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.

DO NOT TRY TO FIX ANYTHING THAT MIGHT BE FOUND

Next

  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to the disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.

Summary of the logs I need from you in your next post:
  • aswMBR log
  • FRST.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby SnoopJre » March 29th, 2012, 9:03 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-29 20:01:34
-----------------------------
20:01:34.203 OS Version: Windows x64 6.1.7600
20:01:34.204 Number of processors: 4 586 0x2505
20:01:34.204 ComputerName: VAIO04 UserName: Cliff
20:01:36.265 Initialize success
20:02:01.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:02:01.437 Disk 0 Vendor: ST950032 0006 Size: 476940MB BusType: 3
20:02:01.450 Disk 0 MBR read successfully
20:02:01.452 Disk 0 MBR scan
20:02:01.454 Disk 0 Windows 7 default MBR code
20:02:01.461 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10901 MB offset 2048
20:02:01.470 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 22327296
20:02:01.478 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 465937 MB offset 22532096
20:02:01.495 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
20:02:01.498 Disk 0 scanning C:\Windows\system32\drivers
20:02:11.997 Service scanning
20:02:21.425 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:02:33.683 Modules scanning
20:02:33.690 Disk 0 trace - called modules:
20:02:33.711 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:02:33.717 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006388060]
20:02:33.721 3 CLASSPNP.SYS[fffff88001aad43f] -> nt!IofCallDriver -> [0xfffffa8003572720]
20:02:33.725 5 ACPI.sys[fffff88000f71781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003ffa050]
20:02:33.730 Scan finished successfully
20:02:46.188 Disk 0 MBR has been saved successfully to "C:\Users\Cliff\Desktop\Malware Scanners\MBR.dat"
20:02:46.193 The log file has been saved successfully to "C:\Users\Cliff\Desktop\Malware Scanners\aswMBR.txt"
SnoopJre
Active Member
 
Posts: 11
Joined: March 13th, 2012, 5:19 pm
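The aswMBR scan above marks consrv.dll as **SUSPICIOUS**, and the FRST log in the next post lists every autorun and service with its path, size, date and publisher; that is where a helper looks for binaries with no publisher, targets that no longer exist ([x]), Windows system-binary names living outside System32, and services dropped straight into C:\Windows. The Python triage script below is an added example, not part of this thread and not FRST's own code; its line format is inferred from the log posted here, and the sample lines are constructed in that format (several copied from the thread).

```python
"""Triage of FRST 'Run' and 'Services' lines: added example, not part of this thread
or of FRST itself. The line format is inferred from the FRST log posted in this
thread; SAMPLE below is constructed in that format (some lines copied from it)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# HKLM-x32\...\Run: [Name] "C:\path\prog.exe" args [size date] (Publisher), or "[x]" when the file is gone
RUN_RE = re.compile(r'^(?P<hive>HK.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$')
# <start type> <ServiceName>; "C:\path\svc.exe" args [size date] (Publisher)
SVC_RE = re.compile(r'^(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$')
# Trailing "[size date] (Publisher)"; an empty "()" means FRST found no company/version info
TAIL_RE = re.compile(r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\)\s*$')
# Paths may be unquoted and contain spaces, so stop at the first executable extension
PATH_RE = re.compile(r'^"?(?P<path>(?:[A-Za-z]:|%\w+%)\\.*?\.(?:exe|dll|sys|scr|bat|cmd))', re.IGNORECASE)

USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\programdata\\', '\\temp\\')
SYSTEM_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')
SYSTEM_NAMES = {'conhost.exe', 'csrss.exe', 'svchost.exe', 'lsass.exe',
                'services.exe', 'winlogon.exe', 'explorer.exe', 'consrv.dll'}


@dataclass
class Entry:
    kind: str                # "run", "service" or "frst-flag"
    name: str
    path: str | None
    publisher: str | None    # None when no "[size date] (publisher)" tail was printed
    missing: bool            # FRST printed [x]: target file not found on disk
    raw: str
    flags: list[str] = field(default_factory=list)


def parse_line(line: str) -> Entry | None:
    """Parse one Run or Service line; other line kinds yield None."""
    line = line.rstrip()
    if '==>' in line:  # FRST's own verdict, e.g. "SubSystems: [Windows] ==> ZeroAccess"
        return Entry('frst-flag', line.split(':', 1)[0], None, None, False, line,
                     ['flagged by FRST: ' + line.split('==>', 1)[1].strip()])
    kind, m = 'run', RUN_RE.match(line)
    if not m:
        kind, m = 'service', SVC_RE.match(line)
    if not m:
        return None
    rest = m.group('rest')
    tail, pm = TAIL_RE.search(rest), PATH_RE.match(rest)
    return Entry(kind, m.group('name'), pm.group('path') if pm else None,
                 tail.group('pub') if tail else None, rest.endswith('[x]'), line)


def triage(e: Entry) -> Entry:
    """Attach review flags. These are heuristics for a human to look at, not verdicts."""
    p = (e.path or '').lower()
    base = p.rsplit('\\', 1)[-1]
    if e.missing:
        e.flags.append('target file missing ([x]): dead autorun, possibly a remnant')
    if e.path and e.publisher == '':
        e.flags.append('binary carries no publisher/version info')
    if base in SYSTEM_NAMES and not p.startswith(SYSTEM_DIRS):
        e.flags.append(f'Windows system binary name {base} outside System32')
    if e.kind == 'service' and p.startswith('c:\\windows\\') and p.count('\\') == 2:
        e.flags.append('service binary dropped directly into C:\\Windows')
    if e.kind == 'service' and any(seg in p for seg in USER_WRITABLE):
        e.flags.append('service runs from a user-writable location')
    return e


def triage_log(text: str) -> list[Entry]:
    """Return only the entries that earned at least one flag, in log order."""
    out = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None and triage(e).flags:
            out.append(e)
    return out


# Constructed sample in the FRST format (several lines copied from the log in this thread)
SAMPLE = r"""
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [] [x]
HKU\user\...\Run: [conhost] C:\Users\user\AppData\Roaming\Microsoft\conhost.exe [x]
HKU\Cliff\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1091 2011-10-02] ()
SubSystems: [Windows] ==> ZeroAccess
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 NetworkLog; C:\Windows\svcs.exe [583528 2012-03-13] ()
"""

if __name__ == '__main__':
    for e in triage_log(SAMPLE):
        print(f'{e.kind:9} [{e.name}] {e.path or "-"}')
        for f in e.flags:
            print('          -', f)
```

A flag is a prompt for a closer look, not a verdict: legitimate software sometimes ships without version info, and a dead [x] entry may be nothing more than a leftover from an uninstall.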

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby SnoopJre » March 29th, 2012, 9:15 pm

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 29-03-2012 20:10:32
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [89080 2010-07-15] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a [75072 2010-12-15] (Sprint)
HKLM-x32\...\Run: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [316736 2010-12-15] (C-motech Co.,Ltd)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\Cliff\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-23] (Google Inc.)
HKU\Cliff\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1091 2011-10-02] ()
HKU\Cliff\...\Run: [Facebook Update] "C:\Users\Cliff\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-08-23] (Facebook Inc.)
HKU\Cliff\...\Run: [Akamai NetSession Interface] "C:\Users\Cliff\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
HKU\Cliff\...\Run: [CUCore Agent] "C:\Users\Cliff\AppData\Local\Radvision\Conference Client\7.15.000.32\ConfAgent.exe" /minimize [126064 2012-01-11] (RADVISION Ltd.)
HKU\Cliff\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5487488 2012-02-04] (SUPERAntiSpyware.com)
HKU\Cliff\...\Run: [Download] "C:\Users\Cliff\AppData\Local\SupportSoft\ddoctorv2\Cliff\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe" [x]
HKU\Creative Soundz Inc\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-23] (Google Inc.)
HKU\user\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-23] (Google Inc.)
HKU\user\...\Run: [conhost] C:\Users\user\AppData\Roaming\Microsoft\conhost.exe [x]
HKU\user\...\Winlogon: [Shell] explorer.exe
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 CASprint; "C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe" /n "CASprint" [124224 2010-12-15] (SmithMicro Inc.)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2011-08-03] (Macrovision Europe Ltd.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-03-03] (Intel Corporation)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
2 NetworkLog; C:\Windows\svcs.exe [583528 2012-03-13] ()
2 NvtlService; "C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe" [82944 2010-01-11] ()
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [367456 2010-06-01] (Sony Corporation)
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [185632 2007-07-24] (Protexis Inc.)
4 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=inteldata" [257936 2010-08-12] (Sony Corporation)
3 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [108400 2010-06-20] (Sony Corporation)
3 SOHDms; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe" [423280 2010-06-18] (Sony Corporation)
3 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [67952 2010-06-20] (Sony Corporation)
3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe" [304496 2010-06-06] (Sony Corporation)
3 SprintRcAppSvc; "C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe" /n "SprintRcAppSvc" [120128 2010-12-15] (SmithMicro Inc.)
2 sprtsvc_ddoctorv2; "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-05-28] (Intel Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [217968 2010-05-31] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [575856 2010-06-21] (Sony Corporation)
2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [851824 2010-06-17] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [537456 2010-06-09] (Sony Corporation)
3 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [384880 2010-06-09] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [101232 2010-06-09] (Sony Corporation)
3 VUAgent; "C:\Program Files\Sony\VAIO Update Common\VUAgent.exe" [1429608 2011-09-23] (Sony Corporation)
2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

2 6077757b; \??\C:\Windows\system32\drivers\regi.sys [14112 2007-04-17] (InterVideo)
3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [359040 2010-03-26] (Beceem communications pvt ltd.)
3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2010-03-26] (Beceem communications pvt ltd.)
3 DIFMBUS; C:\Windows\System32\Drivers\DIFMBUS.sys [69960 2010-04-28] (DEVGURU Co., LTD.)
3 DIFMCVsp; C:\Windows\System32\Drivers\DIFMCVsp.sys [181320 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 DIFMMdm; C:\Windows\System32\Drivers\DIFMMdm.sys [181320 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 DIFMNET; C:\Windows\System32\Drivers\DIFMNET.sys [123976 2010-05-04] (DEVGURU Co., LTD.)
3 DIFMNVsp; C:\Windows\System32\Drivers\DIFMNVsp.sys [181320 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 DIFMVsp; C:\Windows\System32\Drivers\DIFMVsp.sys [181320 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [744072 2009-07-26] (www.ext2fsd.com)
1 ipwrzxwp; C:\Windows\System32\Drivers\ipwrzxwp.sys [50000 2012-03-29] (Microsoft Corporation)
3 MSDV; C:\Windows\System32\Drivers\MSDV.sys [61440 2009-07-13] (Microsoft Corporation)
3 NWADI; C:\Windows\System32\DRIVERS\NWADIenum.sys [255488 2010-07-28] (Novatel Wireless Inc)
3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-12-15] (Smith Micro Inc.)
2 regi; C:\Windows\System32\Drivers\regi.sys [14112 2007-04-17] (InterVideo)
2 rimspci; C:\Windows\System32\drivers\rimssne64.sys [94208 2010-06-23] (REDC)
2 risdsnpe; C:\Windows\System32\drivers\risdsne64.sys [78848 2010-06-23] (REDC)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [97280 2010-03-12] (Prolific Technology Inc.)
3 TridVid; C:\Windows\System32\Drivers\TridVid.sys [292056 2009-03-23] (Trident Multimedia Technologies Co.,Ltd)
1 zolajuie; C:\Windows\System32\Drivers\zolajuie.sys [50000 2012-03-29] (Microsoft Corporation)
2 MSSQL$DDNI; [x]
3 NTPASp50a64; C:\Windows\System32\Drivers\NTPASp50a64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-29 20:10 - 2012-03-29 20:10 - 0000000 ____D C:\FRST
2012-03-29 17:05 - 2012-03-29 17:05 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zolajuie.sys
2012-03-29 17:00 - 2012-03-29 17:01 - 4731392 ____A (AVAST Software) C:\Users\Cliff\Desktop\aswMBR.exe
2012-03-29 16:46 - 2012-03-29 16:46 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ipwrzxwp.sys
2012-03-27 10:49 - 2012-03-27 10:52 - 7541857 ___AT C:\Users\Cliff\Desktop\MockPowerPointFinal-3.wmv
2012-03-27 10:46 - 2009-07-13 21:32 - 26246026 ____A C:\Users\Cliff\Desktop\Wildlife.wmv
2012-03-27 09:48 - 2012-03-27 10:53 - 0009461 ____A C:\Users\Cliff\Desktop\BrightsignRSSTest1.bpf
2012-03-27 08:03 - 2012-03-27 08:03 - 0607260 ____R (Swearware) C:\Users\Cliff\Desktop\dds.scr
2012-03-27 08:00 - 2012-03-27 08:00 - 0000308 ____A C:\Users\Cliff\Desktop\ckfiles.txt
2012-03-27 07:44 - 2012-03-27 07:44 - 0458240 ____A () C:\Users\Cliff\Desktop\CKScanner.exe
2012-03-14 07:17 - 2012-03-14 07:17 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wumrsehc.sys
2012-03-14 07:17 - 2012-03-14 07:17 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\niivsifm.sys
2012-03-13 08:31 - 2012-03-13 08:32 - 0087102 ____A C:\TDSSKiller.2.7.20.0_13.03.2012_11.31.48_log.txt
2012-03-13 08:10 - 2012-03-13 08:10 - 0583528 ____A () C:\Windows\svcs.exe
2012-03-13 08:08 - 2012-03-13 08:08 - 0347424 ____A (Microsoft Corporation) C:\Users\Cliff\Downloads\MicrosoftFixit.WindowsFirewall.RNP.85255085573886962.2.1.Run.exe
2012-03-13 08:06 - 2012-03-13 08:06 - 0347424 ____A (Microsoft Corporation) C:\Users\Cliff\Downloads\MicrosoftFixit.wu.RNP.85255085573886962.1.1.Run.exe
2012-03-13 08:00 - 2012-03-13 08:00 - 0980480 ____A C:\Users\Cliff\Downloads\MicrosoftFixit50267.msi
2012-03-13 06:04 - 2012-03-29 17:07 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-13 05:53 - 2012-03-13 05:53 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-13 05:52 - 2012-03-13 05:53 - 0090340 ____A C:\TDSSKiller.2.7.20.0_13.03.2012_08.52.10_log.txt
2012-03-13 05:51 - 2012-03-14 10:11 - 0000000 ____D C:\Users\Cliff\Downloads\tdsskiller
2012-03-13 05:51 - 2012-03-13 05:51 - 2044822 ____A C:\Users\Cliff\Downloads\tdsskiller.zip
2012-03-10 03:43 - 2012-03-10 03:43 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\slbstzjz.sys
2012-03-07 05:24 - 2012-03-07 12:47 - 3943550 ____A C:\Users\user\Desktop\Rally DAY 2 WALK IN Chicago Trivia.pptx
2012-02-29 13:42 - 2012-03-14 13:06 - 0004954 ____A C:\Users\Cliff\Desktop\RentComLogo325-150.png
2012-02-29 13:42 - 2012-03-06 14:19 - 0008535 ____A C:\Users\Cliff\Desktop\Background-Thin2.png
2012-02-29 13:41 - 2012-03-29 08:40 - 0000000 ____D C:\Users\Cliff\Desktop\RentComWebsite

============ 3 Months Modified Files and Folders =============

2012-03-29 20:10 - 2012-03-29 20:10 - 0000000 ____D C:\FRST
2012-03-29 17:07 - 2012-03-13 06:04 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-29 17:07 - 2010-09-23 09:56 - 2037748 ____A C:\Windows\WindowsUpdate.log
2012-03-29 17:05 - 2012-03-29 17:05 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zolajuie.sys
2012-03-29 17:05 - 2009-07-13 21:13 - 0729752 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-29 17:02 - 2012-02-01 07:29 - 0000000 ____D C:\Users\Cliff\Desktop\Malware Scanners
2012-03-29 17:01 - 2012-03-29 17:00 - 4731392 ____A (AVAST Software) C:\Users\Cliff\Desktop\aswMBR.exe
2012-03-29 16:54 - 2011-08-23 19:49 - 0000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4245046440-4139842557-696468101-1006UA.job
2012-03-29 16:46 - 2012-03-29 16:46 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ipwrzxwp.sys
2012-03-29 16:44 - 2011-02-20 15:42 - 0000000 ___RD C:\Users\Cliff\Dropbox
2012-03-29 16:44 - 2011-02-20 15:41 - 0000000 ____D C:\Users\Cliff\AppData\Roaming\Dropbox
2012-03-29 16:44 - 2010-09-23 10:08 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-29 16:43 - 2010-09-23 10:08 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-29 14:06 - 2009-07-13 20:45 - 0014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-29 14:06 - 2009-07-13 20:45 - 0014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-29 13:59 - 2010-12-01 13:24 - 3106480128 __ASH C:\hiberfil.sys
2012-03-29 13:59 - 2010-12-01 10:49 - 0119046 ____A C:\Windows\setupact.log
2012-03-29 13:59 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-29 08:40 - 2012-02-29 13:41 - 0000000 ____D C:\Users\Cliff\Desktop\RentComWebsite
2012-03-27 17:44 - 2010-12-04 13:40 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-27 14:08 - 2010-12-02 19:42 - 0000000 ____D C:\Users\Cliff\AppData\Local\Google
2012-03-27 10:53 - 2012-03-27 09:48 - 0009461 ____A C:\Users\Cliff\Desktop\BrightsignRSSTest1.bpf
2012-03-27 10:52 - 2012-03-27 10:49 - 7541857 ___AT C:\Users\Cliff\Desktop\MockPowerPointFinal-3.wmv
2012-03-27 08:03 - 2012-03-27 08:03 - 0607260 ____R (Swearware) C:\Users\Cliff\Desktop\dds.scr
2012-03-27 08:00 - 2012-03-27 08:00 - 0000308 ____A C:\Users\Cliff\Desktop\ckfiles.txt
2012-03-27 07:54 - 2011-01-24 19:13 - 0000000 ____D C:\Users\Cliff\Desktop\Personal
2012-03-27 07:44 - 2012-03-27 07:44 - 0458240 ____A () C:\Users\Cliff\Desktop\CKScanner.exe
2012-03-25 19:54 - 2011-08-23 19:49 - 0000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4245046440-4139842557-696468101-1006Core.job
2012-03-23 14:34 - 2011-01-19 07:23 - 0000000 ____D C:\Users\Cliff\AppData\Roaming\FileZilla
2012-03-22 18:55 - 2011-11-10 08:49 - 0000000 ____D C:\Users\Cliff\AppData\Local\Akamai
2012-03-20 09:25 - 2010-12-02 19:32 - 0000000 ____D C:\users\Cliff
2012-03-20 09:25 - 2010-11-11 14:24 - 0000000 ____D C:\users\user
2012-03-20 09:25 - 2010-09-23 10:31 - 0000000 ____D C:\users\boinc_master
2012-03-20 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-20 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-20 06:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-14 18:34 - 2011-01-03 09:07 - 0323881 ____A C:\test.xml
2012-03-14 13:06 - 2012-02-29 13:42 - 0004954 ____A C:\Users\Cliff\Desktop\RentComLogo325-150.png
2012-03-14 10:11 - 2012-03-13 05:51 - 0000000 ____D C:\Users\Cliff\Downloads\tdsskiller
2012-03-14 07:17 - 2012-03-14 07:17 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wumrsehc.sys
2012-03-14 07:17 - 2012-03-14 07:17 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\niivsifm.sys
2012-03-13 08:32 - 2012-03-13 08:31 - 0087102 ____A C:\TDSSKiller.2.7.20.0_13.03.2012_11.31.48_log.txt
2012-03-13 08:10 - 2012-03-13 08:10 - 0583528 ____A () C:\Windows\svcs.exe
2012-03-13 08:09 - 2011-02-06 11:06 - 0000000 ____D C:\Users\Cliff\AppData\Local\ElevatedDiagnostics
2012-03-13 08:08 - 2012-03-13 08:08 - 0347424 ____A (Microsoft Corporation) C:\Users\Cliff\Downloads\MicrosoftFixit.WindowsFirewall.RNP.85255085573886962.2.1.Run.exe
2012-03-13 08:06 - 2012-03-13 08:06 - 0347424 ____A (Microsoft Corporation) C:\Users\Cliff\Downloads\MicrosoftFixit.wu.RNP.85255085573886962.1.1.Run.exe
2012-03-13 08:00 - 2012-03-13 08:00 - 0980480 ____A C:\Users\Cliff\Downloads\MicrosoftFixit50267.msi
2012-03-13 05:53 - 2012-03-13 05:53 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-13 05:53 - 2012-03-13 05:52 - 0090340 ____A C:\TDSSKiller.2.7.20.0_13.03.2012_08.52.10_log.txt
2012-03-13 05:51 - 2012-03-13 05:51 - 2044822 ____A C:\Users\Cliff\Downloads\tdsskiller.zip
2012-03-10 03:43 - 2012-03-10 03:43 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\slbstzjz.sys
2012-03-07 12:47 - 2012-03-07 05:24 - 3943550 ____A C:\Users\user\Desktop\Rally DAY 2 WALK IN Chicago Trivia.pptx
2012-03-06 14:19 - 2012-02-29 13:42 - 0008535 ____A C:\Users\Cliff\Desktop\Background-Thin2.png
2012-03-06 13:53 - 2011-01-19 07:23 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-03-06 13:53 - 2010-12-21 09:56 - 0000000 ____D C:\Users\Cliff\AppData\Roaming\vlc
2012-03-05 08:51 - 2012-02-23 15:25 - 0000000 ____D C:\Users\Cliff\Desktop\Abbot
2012-02-29 13:46 - 2012-01-11 19:27 - 0000000 ____D C:\Users\Cliff\Desktop\RentComTestHomePage
2012-02-28 08:45 - 2010-12-04 13:12 - 0000000 ____D C:\Users\Cliff\AppData\Local\Apple Computer
2012-02-26 18:55 - 2009-07-13 18:34 - 0000882 ____A C:\Windows\System32\Drivers\etc\hosts.old
2012-02-25 14:39 - 2012-02-25 14:39 - 0000826 ____A C:\Users\user\Desktop\Pre-DinnerMovies.xspf
2012-02-25 14:37 - 2010-12-01 14:20 - 0000000 ____D C:\Users\user\AppData\Roaming\vlc
2012-02-25 13:52 - 2010-11-11 14:31 - 0103736 ____A C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-25 11:01 - 2012-02-25 14:34 - 4270775 ____A C:\Users\user\Desktop\Pre-Dinner2.m4v
2012-02-24 16:53 - 2012-01-27 10:49 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-24 14:32 - 2012-02-25 14:33 - 7478878 ____A C:\Users\user\Desktop\Pre-DinnerMovie1.m4v
2012-02-23 21:08 - 2011-09-02 11:35 - 0000995 ____A C:\Users\Cliff\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-23 21:08 - 2011-09-02 11:35 - 0000995 ____A C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-23 21:08 - 2011-02-20 15:42 - 0001015 ____A C:\Users\Cliff\Desktop\Dropbox.lnk
2012-02-22 19:49 - 2009-07-13 20:45 - 4950080 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-22 14:56 - 2011-05-04 04:36 - 0000000 ____D C:\Users\Cliff\Desktop\BrightSign Related
2012-02-22 14:15 - 2010-12-02 19:32 - 0103736 ____A C:\Users\Cliff\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-22 13:59 - 2012-02-22 13:59 - 0002771 ____A C:\Users\Public\Desktop\BrightAuthor.lnk
2012-02-22 13:58 - 2012-02-22 13:57 - 8110977 ____A C:\Users\Cliff\Downloads\setup_BrightAuthor2.4.0.17.zip
2012-02-22 13:56 - 2012-02-22 13:52 - 32121623 ____A C:\Users\Cliff\Downloads\HDCompact_Update_3.8.19.zip
2012-02-22 13:47 - 2012-02-22 13:21 - 0008063 ____A C:\Users\Cliff\Documents\Abbot.bpf
2012-02-22 10:34 - 2012-02-22 10:33 - 8846557 ____A C:\Users\Cliff\Downloads\BrightAuthorSetup2.3.0.73.zip
2012-02-22 06:46 - 2012-02-22 06:46 - 0000000 ____D C:\Users\Cliff\AppData\Local\{7C755E71-C574-43B6-815D-39020209DE06}
2012-02-22 06:46 - 2012-02-22 06:46 - 0000000 ____D C:\Users\Cliff\AppData\Local\{0F16DDCA-F0D8-472A-9A42-5BC8BBC9A02B}
2012-02-22 06:46 - 2011-04-27 12:08 - 0000000 ____D C:\Users\Cliff\AppData\Local\Windows Live
2012-02-21 17:35 - 2012-02-22 09:54 - 0018512 ____A C:\Users\Cliff\Desktop\lightbox.js
2012-02-20 06:47 - 2011-09-28 11:28 - 0000000 ____D C:\Users\Cliff\Desktop\Test Patterns
2012-02-18 19:15 - 2012-02-20 06:26 - 1442052 ____A C:\Users\Cliff\Desktop\Qulinez-Troll.mp3
2012-02-16 08:15 - 2012-02-16 07:52 - 0000000 ____D C:\Users\Cliff\Desktop\RentCom Test Homepage Old
2012-02-15 17:27 - 2010-12-27 14:17 - 0000000 ____D C:\Users\Cliff\Desktop\Rent Com Work
2012-02-15 17:27 - 2010-11-12 13:49 - 0000000 __RHD C:\MSOCache
2012-02-15 13:03 - 2012-02-15 13:03 - 0012895 ____A C:\Users\Cliff\Desktop\CanonVixiaInventory.xlsx
2012-02-15 09:45 - 2012-02-15 09:34 - 0000973 ____A C:\Users\Cliff\Desktop\TestPage.php
2012-02-15 09:33 - 2012-02-15 09:33 - 0002065 ____A C:\Users\Cliff\Desktop\Test3.html
2012-02-13 15:37 - 2012-02-13 15:30 - 0000952 ____A C:\Windows\cmvpt32.ini
2012-02-13 15:29 - 2011-05-04 04:33 - 0000000 ____D C:\Users\Cliff\Desktop\Crestron Related
2012-02-13 15:05 - 2010-07-12 13:29 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-02-13 15:04 - 2012-02-13 15:04 - 2371836 ____A C:\Users\Cliff\Downloads\PL2303_Prolific_DriverInstaller_v1210.zip
2012-02-13 14:06 - 2011-01-07 07:28 - 0000000 ____D C:\Program Files (x86)\Just BASIC v1.01
2012-02-13 13:43 - 2012-02-13 13:42 - 0006411 ____A C:\Users\Cliff\Downloads\autorun(1).zip
2012-02-13 12:12 - 2012-02-13 12:12 - 0011579 ____A C:\Users\Cliff\Documents\Project 1.bpf
2012-02-08 12:10 - 2010-11-11 14:54 - 0000000 ____D C:\Users\user\AppData\Local\Google
2012-02-06 07:31 - 2011-03-28 12:36 - 0001456 ____A C:\Users\Cliff\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-02-04 23:14 - 2012-02-01 07:28 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-02-03 10:26 - 2012-01-04 06:32 - 0000000 ____D C:\Users\Cliff\Desktop\Flash
2012-02-01 10:02 - 2011-04-16 11:20 - 0000952 __ASH C:\Users\All Users\KGyGaAvL.sys
2012-02-01 10:02 - 2011-04-16 11:20 - 0000952 __ASH C:\ProgramData\KGyGaAvL.sys
2012-02-01 09:43 - 2011-04-06 11:11 - 0000000 ____D C:\Program Files (x86)\Search Toolbar
2012-02-01 07:38 - 2010-12-30 09:43 - 0306618 ____A C:\Windows\ntbtlog.txt
2012-02-01 07:24 - 2012-02-01 07:21 - 12903112 ____A (SUPERAntiSpyware.com) C:\Users\Cliff\Downloads\SUPERAntiSpyware.exe
2012-01-31 14:24 - 2012-01-12 06:50 - 0000000 ____D C:\Users\Cliff\Desktop\CliffWebsite2012
2012-01-31 04:44 - 2010-11-12 16:05 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-30 11:15 - 2011-06-25 09:18 - 0000000 ____D C:\Program Files (x86)\comcasttb
2012-01-30 08:20 - 2012-01-30 08:20 - 0274072 ____A C:\Windows\Minidump\013012-41605-01.dmp
2012-01-30 08:20 - 2010-12-30 09:02 - 969873754 ____A C:\Windows\MEMORY.DMP
2012-01-30 08:20 - 2010-11-18 20:58 - 0000000 ____D C:\Windows\Minidump
2012-01-28 19:27 - 2012-01-26 07:13 - 0000000 ____D C:\Users\Cliff\Desktop\Australia
2012-01-27 14:51 - 2012-01-27 14:50 - 0000000 ____D C:\Users\Cliff\Desktop\Sponsor's Videos
2012-01-27 10:49 - 2012-01-27 10:49 - 0000000 ____D C:\Users\Cliff\AppData\Roaming\Malwarebytes
2012-01-27 10:49 - 2012-01-27 10:49 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-27 10:49 - 2012-01-27 10:49 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-27 10:48 - 2012-01-27 10:42 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Cliff\Downloads\mbam-setup-1.60.0.1800(1).exe
2012-01-27 10:23 - 2012-01-27 10:23 - 0066896 ____A (Malwarebytes Corporation) C:\Users\Cliff\Downloads\mbam-clean.exe
2012-01-26 08:12 - 2010-12-02 19:42 - 0000000 ____D C:\Users\Cliff\AppData\Roaming\Adobe
2012-01-26 08:12 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-01-25 18:08 - 2010-12-02 09:13 - 0000258 _RASH C:\Users\All Users\ntuser.pol
2012-01-25 18:08 - 2010-12-02 09:13 - 0000258 _RASH C:\ProgramData\ntuser.pol
2012-01-25 13:05 - 2012-01-25 13:05 - 0000012 ____A C:\Windows\srun.log
2012-01-22 19:26 - 2012-01-22 19:26 - 0000000 ____D C:\Windows\System32\Macromed
2012-01-22 19:26 - 2011-09-01 12:37 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-01-22 18:31 - 2011-08-03 10:57 - 0000000 ____D C:\Users\Cliff\Documents\TT Installer Logs
2012-01-21 19:14 - 2012-01-21 19:14 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-01-21 15:20 - 2012-01-21 15:20 - 17091208 ____A C:\Users\Cliff\Downloads\TeladeoMeeting_1.f4v
2012-01-20 15:05 - 2012-01-20 15:00 - 0013094 ____A C:\Users\Cliff\Desktop\index2.html
2012-01-20 14:55 - 2012-01-20 12:35 - 0012873 ____A C:\Users\Cliff\Desktop\index.html
2012-01-20 12:35 - 2012-01-20 12:35 - 0010741 ____A C:\Users\Cliff\Desktop\Untitled-2.html
2012-01-20 11:26 - 2012-01-20 12:28 - 0010363 ____A C:\Users\Cliff\Desktop\RentComLogo200.png
2012-01-20 07:06 - 2011-04-28 04:29 - 0000000 ____D C:\Users\Creative Soundz Inc\Desktop\Bears Expo 2011
2012-01-20 06:44 - 2009-07-13 21:08 - 0032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-19 19:34 - 2012-01-19 19:34 - 0000000 ____D C:\Users\Cliff\Desktop\Jewel011912
2012-01-18 19:33 - 2012-01-18 19:04 - 48398930 ____A C:\Users\Cliff\Desktop\SNLEffect2.psd
2012-01-18 19:33 - 2012-01-18 05:28 - 3480358 ____A C:\Users\Cliff\Desktop\SNLEffect.psd
2012-01-18 18:56 - 2012-01-18 18:56 - 5393169 ____A C:\Users\Cliff\Desktop\HighResGirl.jpg
2012-01-17 18:50 - 2012-01-17 18:50 - 0078234 ____A C:\Users\Cliff\Desktop\MeganFoxBlack&White.jpg
2012-01-16 14:34 - 2012-01-16 11:32 - 0000000 ____D C:\Users\Cliff\Desktop\WebTest
2012-01-16 13:42 - 2012-01-16 13:42 - 0021981 ____A C:\Users\Cliff\Desktop\Trin.jpg
2012-01-16 13:12 - 2012-01-16 13:11 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Cliff\Downloads\mbam-setup-1.60.0.1800.exe
2012-01-16 08:44 - 2012-01-16 07:55 - 0000132 ____A C:\Users\Cliff\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-01-16 08:44 - 2012-01-16 07:48 - 0000000 ____D C:\Users\Cliff\Desktop\Optimized Photos
2012-01-14 15:20 - 2012-01-14 15:20 - 17879406 ____A C:\Users\Cliff\Desktop\hair_brushes_II_by_lpdragonfly.abr
2012-01-14 15:15 - 2012-01-14 15:15 - 0367034 ____A C:\Users\Cliff\Desktop\Unreal_Brushes_v_3_by_Edelihu.abr
2012-01-13 12:50 - 2010-12-12 22:09 - 0000000 ____D C:\Users\Cliff\AppData\Local\CrashDumps
2012-01-13 09:43 - 2011-08-11 07:05 - 0000000 ____D C:\Users\Cliff\Desktop\Cliff's Website
2012-01-13 07:15 - 2012-01-13 07:15 - 0000000 ____D C:\Users\Cliff\Desktop\Room122_Sidewalk_OilStains
2012-01-13 07:09 - 2012-01-13 07:08 - 5717361 ____A C:\Users\Cliff\Desktop\Room122_Sidewalk_OilStains.zip
2012-01-12 15:29 - 2012-01-11 19:28 - 0238053 ____A C:\Users\Cliff\Desktop\HomePage.psd
2012-01-11 18:24 - 2010-12-21 09:37 - 0000000 ____D C:\Users\Cliff\AppData\Local\Adobe
2012-01-11 18:20 - 2012-01-03 13:40 - 0000000 ____D C:\Program Files\Adobe
2012-01-11 18:20 - 2011-03-26 08:22 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-01-11 18:20 - 2011-03-26 08:22 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-01-11 18:20 - 2011-03-26 07:56 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-01-11 18:19 - 2010-11-12 17:13 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-01-11 16:45 - 2012-01-11 16:35 - 0000000 ____D C:\Users\Cliff\Adobe Photoshop CS5.1
2012-01-11 12:28 - 2012-01-11 12:28 - 0000000 ____D C:\Users\Cliff\AppData\Local\Conference Client
2012-01-11 12:28 - 2012-01-11 12:22 - 0000000 ____D C:\Users\Cliff\AppData\Local\Radvision
2012-01-11 12:22 - 2012-01-11 12:21 - 0965744 ____A (RADVISION Ltd.) C:\Users\Cliff\Downloads\MgrInst.exe
2012-01-09 12:17 - 2012-01-09 12:17 - 0000000 ____D C:\Program Files\Total Training
2012-01-08 10:55 - 2012-01-08 10:55 - 0000000 ____D C:\Users\user\Documents\Total Training
2012-01-08 10:55 - 2010-11-11 14:24 - 0000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2012-01-08 10:54 - 2012-01-08 10:53 - 0000000 ____D C:\Users\user\Desktop\Project Files - AECS5 Ess
2012-01-08 10:52 - 2012-01-08 10:52 - 0000000 ____D C:\Users\user\Documents\TT Installer Logs
2012-01-03 13:38 - 2010-09-23 10:05 - 0000000 ____D C:\Users\All Users\Adobe
2012-01-03 13:38 - 2010-09-23 10:05 - 0000000 ____D C:\ProgramData\Adobe
2012-01-03 13:33 - 2012-01-03 11:55 - 0000000 ____D C:\Users\Cliff\Adobe Flash Professional CS5.5
2012-01-03 11:54 - 2012-01-03 11:54 - 0000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2012-01-03 11:54 - 2011-07-27 06:25 - 0000000 ____D C:\Users\Cliff\Desktop\CS5.5 Master Collection
2012-01-01 23:12 - 2010-12-04 13:12 - 0000000 ____D C:\Users\Cliff\AppData\Roaming\Apple Computer
2012-01-01 22:04 - 2012-01-01 22:04 - 0001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-01-01 22:04 - 2012-01-01 22:03 - 0000000 ____D C:\Program Files\iTunes
2012-01-01 22:04 - 2012-01-01 22:03 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-01-01 22:03 - 2012-01-01 22:03 - 0000000 ____D C:\Program Files\iPod

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3950.1 MB
Available physical RAM: 3334.91 MB
Total Pagefile: 3948.25 MB
Available Pagefile: 3316.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:455.02 GB) (Free:202.36 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:10.65 GB) (Free:0.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:1.88 GB) (Free:1.75 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1930 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 10 GB 1024 KB
Partition 2 Primary 100 MB 10 GB
Partition 3 Primary 455 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 10 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 455 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1929 MB 764 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1929 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-22 06:35

======================= End Of Log ==========================

Thanks for your help Gary!
SnoopJre
Active Member
 
Posts: 11
Joined: March 13th, 2012, 5:19 pm

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby Gary R » March 30th, 2012, 6:15 am

Before proceeding any further, if you haven't already backed up your personal files and folders, please do so.

OK, you're definitely infected, so we need to remove the infection, this is the first step ....

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code:
HKU\user\...\Run: [conhost] C:\Users\user\AppData\Roaming\Microsoft\conhost.exe [x]
C:\Users\user\AppData\Roaming\Microsoft\conhost.exe
SubSystems: [Windows] ==> ZeroAccess
2 NetworkLog; C:\Windows\svcs.exe [583528 2012-03-13] ()
C:\Windows\svcs.exe
1 ipwrzxwp; C:\Windows\System32\Drivers\ipwrzxwp.sys [50000 2012-03-29] (Microsoft Corporation)
C:\Windows\System32\Drivers\ipwrzxwp.sys
1 zolajuie; C:\Windows\System32\Drivers\zolajuie.sys [50000 2012-03-29] (Microsoft Corporation)
C:\Windows\System32\Drivers\zolajuie.sys
3 NTPASp50a64; C:\Windows\System32\Drivers\NTPASp50a64.sys [x]
C:\Windows\System32\Drivers\NTPASp50a64.sys
C:\Windows\System32\Drivers\wumrsehc.sys
C:\Windows\System32\Drivers\niivsifm.sys
C:\Windows\System32\Drivers\slbstzjz.sys
C:\Windows\System32\Drivers\wumrsehc.sys
C:\Windows\System32\Drivers\niivsifm.sys

    • Save it to your USB flashdrive as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Boot into Recovery Environment

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your USB flashdrive.
  • Exit out of Recovery Environment and post me the log please.

Next

Run a new scan using aswMBR and post me the log please ..... DO NOT TRY TO FIX ANYTHING THAT aswMBR MAY FIND

Summary of the logs I need from you in your next post:
  • fixlog.txt
  • Latest aswMBR log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
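The fix script above restores the Session Manager SubSystems "Windows" value that FRST flagged with "==> ZeroAccess". ZeroAccess/Sirefef edits that value so that csrss.exe loads a rogue console server (the consrv.dll under C:\Windows\system64 that ESET later reports) in place of the one in winsrv.dll. The following is an added example, not code from the thread or from FRST: it parses the ServerDll entries of such a value and flags any module outside the set that a default Windows 7 install loads. Reading the live registry needs Windows; the value strings here are constructed samples, and the known-good module set is an assumption based on a Windows 7 default.

```python
"""Check a Session Manager SubSystems\\Windows value for unexpected ServerDll modules.

Added example (not from the thread or from FRST). The clean value below is a
constructed sample of the Windows 7 default; the hijacked one swaps the console
server for 'consrv', which is the ZeroAccess/Sirefef modification.
"""
import re

# Modules that legitimately appear as ServerDll= entries on a default Windows 7
# install (assumption; extend for other Windows versions if needed).
KNOWN_GOOD_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Constructed sample: the Windows 7 default SubSystems\Windows value.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample: the same value after the ZeroAccess-style edit, which makes
# csrss.exe load consrv.dll (found by the loader in C:\Windows\system64) instead
# of the console server inside winsrv.dll.
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# ServerDll=<module>[:<entry point>],<index>
SERVERDLL_RE = re.compile(r"ServerDll=([^,:\s]+)(?::([^,\s]+))?,(\d+)")


def parse_server_dlls(value):
    """Return (module, entry_point, index) tuples for every ServerDll entry."""
    return [
        (m.group(1).lower(), m.group(2), int(m.group(3)))
        for m in SERVERDLL_RE.finditer(value)
    ]


def suspicious_server_dlls(value):
    """Return the ServerDll module names that are not in the known-good set."""
    return sorted(
        {mod for mod, _, _ in parse_server_dlls(value)
         if mod not in KNOWN_GOOD_SERVER_DLLS}
    )


def check_subsystems_value(value):
    """Classify a SubSystems\\Windows value and report any unexpected modules."""
    bad = suspicious_server_dlls(value)
    return {"verdict": "suspicious" if bad else "clean", "unexpected_modules": bad}


if __name__ == "__main__":
    for name, value in (("clean", CLEAN_VALUE), ("hijacked", HIJACKED_VALUE)):
        print(name, check_subsystems_value(value))
```

On a live Windows system the value can be read with the standard-library winreg module from the key the fixlog names (HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems, value "Windows", type REG_EXPAND_SZ) and passed to check_subsystems_value; a verdict of "suspicious" naming a module such as consrv is the condition this fix step corrects.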

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby SnoopJre » March 30th, 2012, 11:08 am

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-03-30 10:03:03 R:1
Running from G:\

==============================================

HKEY_USERS\user\Software\Microsoft\Windows\CurrentVersion\Run\\conhost Value deleted successfully.
C:\Users\user\AppData\Roaming\Microsoft\conhost.exe not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
NetworkLog service deleted successfully.
C:\Windows\svcs.exe moved successfully.
ipwrzxwp service not found.
C:\Windows\System32\Drivers\ipwrzxwp.sys not found.
zolajuie service not found.
C:\Windows\System32\Drivers\zolajuie.sys not found.
NTPASp50a64 service deleted successfully.
C:\Windows\System32\Drivers\NTPASp50a64.sys not found.
C:\Windows\System32\Drivers\wumrsehc.sys moved successfully.
C:\Windows\System32\Drivers\niivsifm.sys moved successfully.
C:\Windows\System32\Drivers\slbstzjz.sys moved successfully.
C:\Windows\System32\Drivers\wumrsehc.sys not found.
C:\Windows\System32\Drivers\niivsifm.sys not found.

==== End of Fixlog ====
SnoopJre
Active Member
 
Posts: 11
Joined: March 13th, 2012, 5:19 pm

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby SnoopJre » March 30th, 2012, 11:09 am

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 10:05:46
-----------------------------
10:05:46.722 OS Version: Windows x64 6.1.7600
10:05:46.722 Number of processors: 4 586 0x2505
10:05:46.723 ComputerName: VAIO04 UserName: Cliff
10:05:50.906 Initialize success
10:05:55.956 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:05:55.958 Disk 0 Vendor: ST950032 0006 Size: 476940MB BusType: 3
10:05:55.989 Disk 0 MBR read successfully
10:05:55.991 Disk 0 MBR scan
10:05:55.993 Disk 0 Windows 7 default MBR code
10:05:56.011 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10901 MB offset 2048
10:05:56.031 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 22327296
10:05:56.039 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 465937 MB offset 22532096
10:05:56.073 Disk 0 scanning C:\Windows\system32\drivers
10:06:20.280 Service scanning
10:06:38.365 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
10:06:53.010 Modules scanning
10:06:53.017 Disk 0 trace - called modules:
10:06:53.050 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
10:06:53.057 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800638a060]
10:06:53.062 3 CLASSPNP.SYS[fffff88001b1843f] -> nt!IofCallDriver -> [0xfffffa8004011e40]
10:06:53.066 5 ACPI.sys[fffff88000f13781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004016050]
10:06:53.070 Scan finished successfully
10:07:04.959 Disk 0 MBR has been saved successfully to "C:\Users\Cliff\Desktop\Malware Scanners\MBR.dat"
10:07:04.964 The log file has been saved successfully to "C:\Users\Cliff\Desktop\Malware Scanners\aswMBR2.txt"
SnoopJre
Active Member
 
Posts: 11
Joined: March 13th, 2012, 5:19 pm

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby Gary R » March 30th, 2012, 12:28 pm

Looking better, now for stage two .....

First

Since you have Malwarebytes Anti-Malware installed ....

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • MBAM log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

Let me know how your computer is behaving as well please.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby SnoopJre » March 31st, 2012, 8:44 am

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.30.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Cliff :: VAIO04 [administrator]

3/30/2012 11:31:16 AM
mbam-log-2012-03-30 (11-31-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263946
Time elapsed: 9 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Cliff\AppData\Local\Temp\0.5264447505926535 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Cliff\AppData\Local\Temp\nswE7C0.tmp\kppxza.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
SnoopJre
Active Member
 
Posts: 11
Joined: March 13th, 2012, 5:19 pm

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby SnoopJre » March 31st, 2012, 8:45 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a38f82d854462c4a88993dca021c533e
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-30 05:30:07
# local_time=2012-03-30 12:30:07 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5891 16776893 42 87 0 44227803 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=89763
# found=0
# cleaned=0
# scan_time=2066
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a38f82d854462c4a88993dca021c533e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-31 06:39:32
# local_time=2012-03-31 01:39:32 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5891 16776893 42 87 0 44269532 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=339646
# found=14
# cleaned=0
# scan_time=7702
C:\Users\Cliff\AppData\Local\Temp\photoshop-bundle.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Cliff\AppData\Local\Temp\softonic-us-silent.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Cliff\Downloads\avc-free.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Cliff\Downloads\MediaInfo_GUI_0.7.43_Windows_x64.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Cliff\Downloads\PhotoshopCS5Installer.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Cliff\Downloads\SoftonicDownloader_for_mediainfo.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\jar_cache1293534742777770260.tmp probably a variant of Java/TrojanDownloader.OpenStream.NCI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\541311a7-2f23aee8 a variant of Win32/Kryptik.ZVG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6a822232-30299235 Java/Exploit.CVE-2011-3544.AG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\541311a7-2f23aee8 a variant of Win32/Kryptik.ZVG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6a822232-30299235 Java/Exploit.CVE-2011-3544.AG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Temp\Photo.class a variant of Java/Exploit.CVE-2011-3544.BA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Temp\omrhll\setup.exe probably a variant of Win32/TrojanDownloader.Delf.HREKPUQ trojan (unable to clean) 00000000000000000000000000000000 I
SnoopJre
Active Member
 
Posts: 11
Joined: March 13th, 2012, 5:19 pm

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby Gary R » March 31st, 2012, 11:40 am

Still a few things to do ....

First

We need to clean out your java cache.

  • Click Start then type java into the Search programs and files box.
  • Click on the java icon at the top of the find list. This will open java.
  • On the General tab, under Temporary Internet Files, click the Settings... button.
  • Click on the Delete Files .... button to remove all the cached files.
  • A box will pop up. Ensure the following are checked.
    • Applications and Applets.
    • Trace and log files.
  • Click OK to close the pop-up window.
  • Click OK in the Temporary files settings window.
  • Click OK to leave the Java Control Panel.

Next

Download OTM by Old Timer and save it to your Desktop.

Alternative Download
  • Double-click OTM.exe to run it.
  • Copy the lines in the codebox below.
Code:
:Files
C:\Users\Cliff\AppData\Local\Temp\photoshop-bundle.exe
C:\Users\Cliff\AppData\Local\Temp\softonic-us-silent.exe
C:\Users\Cliff\Downloads\avc-free.exe
C:\Users\Cliff\Downloads\MediaInfo_GUI_0.7.43_Windows_x64.exe
C:\Users\Cliff\Downloads\PhotoshopCS5Installer.exe
C:\Users\Cliff\Downloads\SoftonicDownloader_for_mediainfo.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\jar_cache1293534742777770260.tmp
C:\Windows\system64\consrv.dll
C:\Windows\Temp\Photo.class
C:\Windows\Temp\omrhll\setup.exe

:Commands
[emptytemp]
[resethosts]

  • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM

How's your computer behaving now ?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby SnoopJre » April 1st, 2012, 12:48 pm

All processes killed
========== FILES ==========
C:\Users\Cliff\AppData\Local\Temp\photoshop-bundle.exe moved successfully.
C:\Users\Cliff\AppData\Local\Temp\softonic-us-silent.exe moved successfully.
C:\Users\Cliff\Downloads\avc-free.exe moved successfully.
C:\Users\Cliff\Downloads\MediaInfo_GUI_0.7.43_Windows_x64.exe moved successfully.
C:\Users\Cliff\Downloads\PhotoshopCS5Installer.exe moved successfully.
C:\Users\Cliff\Downloads\SoftonicDownloader_for_mediainfo.exe moved successfully.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\jar_cache1293534742777770260.tmp moved successfully.
File/Folder C:\Windows\system64\consrv.dll not found.
C:\Windows\Temp\Photo.class moved successfully.
C:\Windows\Temp\omrhll\setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: boinc_master
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Cliff
->Temp folder emptied: 2557341588 bytes
->Temporary Internet Files folder emptied: 176404998 bytes
->Java cache emptied: 12219 bytes
->FireFox cache emptied: 105699280 bytes
->Google Chrome cache emptied: 354703231 bytes
->Flash cache emptied: 8362350 bytes

User: Creative Soundz Inc
->Temp folder emptied: 415037 bytes
->Temporary Internet Files folder emptied: 43530759 bytes
->Flash cache emptied: 3511 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 4733423 bytes
->Temporary Internet Files folder emptied: 21113570 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47337161 bytes
->Google Chrome cache emptied: 223375372 bytes
->Flash cache emptied: 42276 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 940940559 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 214706 bytes
RecycleBin emptied: 26496691592 bytes

Total Files Cleaned = 29,546.00 mb

HOSTS file reset successfully

OTM by OldTimer - Version 3.1.19.0 log created on 04012012_114144

Files moved on Reboot...
C:\Users\Cliff\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
SnoopJre
Active Member
 
Posts: 11
Joined: March 13th, 2012, 5:19 pm

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby Gary R » April 1st, 2012, 2:10 pm

How's your computer behaving now ?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Alureon.FP and Sirefef.J Viruses and Firewall Issues

Unread postby SnoopJre » April 1st, 2012, 2:47 pm

It's been running very well! Although even when it was infected, I never really had any problems with it, I just kept getting messages from MSE that I was infected with the Alureon and Sirefef Viruses and it prompted me to remove them. I haven't received any messages from MSE now, and my computer has been running flawlessly. Thanks again for everything you have done! You are awesome!
SnoopJre
Active Member
 
Posts: 11
Joined: March 13th, 2012, 5:19 pm