Edit: After scanning in safe mode Norton found 4 threats and Malware Anti-bytes two. One of the ones Norton found was 'maljava' so I assumed it's to do with Java. So I updated that to the most recent. So far I do not seem to be redirected to sites anymore, but there is deffo something wrong with my laptop. It always says Host process has stopped working, and then I am unable to start any programs, and the longer my laptop is on the more abnormalities that happen. For example it crashes and restarts windows explorer, but my task bar comes back in a windows 97 like theme. And instead of Norton reporting malicious websites attacking it now says that unauthorsed access is blocked, which it says originates from C:\PROGAM FILES\ACER\ACER BIO PROTECTION\PWDBANK.EXE. It says the target is: C:\Program files\Norton Internet Sercurity\Engine\18.5.0.125\ccsvchst.exe. This attack happens just as much as the ip/websites that were attacking previously.
DDS log is as follows:
.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Myron at 23:39:45.31 on 05/04/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1884 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\Navw32.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Myron\Desktop\dds.scr
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - d:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - d:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter
IFEO: acervcm.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: decryption.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: eaudio.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: edstbmngr.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: framework.launcher.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\myron\appdata\roaming\mozilla\firefox\profiles\kx22y9ex.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Plusmedia uk Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox ... B:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2567697&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\myron\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\myron\appdata\roaming\mozilla\firefox\profiles\kx22y9ex.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\myron\appdata\roaming\mozilla\firefox\profiles\kx22y9ex.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\myron\appdata\roaming\mozilla\firefox\profiles\kx22y9ex.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\users\myron\appdata\roaming\mozilla\firefox\profiles\kx22y9ex.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\users\myron\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Plusmedia uk Community Toolbar: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - %profile%\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Veoh Web Player Community Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coFFPlgn
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\myron\appdata\roaming\idm\idmmzcc3
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2009-11-29 43184]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-4 59240]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\symds.sys [2011-3-7 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\symefa.sys [2011-3-7 652336]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-10 800376]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110330.001\IDSvix86.sys [2011-3-31 353912]
S1 RapportCerberus_23945;RapportCerberus_23945;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\23945\RapportCerberus_23945.sys [2011-2-27 55224]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-4 169320]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys [2011-3-7 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys [2011-3-7 330360]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/03/03 13:27:34];c:\program files\acer arcade deluxe\playmovie\000.fcl [2009-11-29 87536]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-7 172032]
S2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-11-29 75048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 95568]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-8 136176]
S2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2009-11-29 3474432]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-25 363344]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.5.0.125\ccsvchst.exe [2011-3-7 130000]
S2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2009-11-29 122368]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-4-7 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-7 157184]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-12-8 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 18120]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-9 102448]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-15 36640]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-3-21 84240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-25 20952]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\23645\RapportIaso.sys [2011-2-17 18872]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-12-8 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-12-8 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-12-8 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2010-12-8 98152]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-22 40752]
S4 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-21 24576]
.
=============== Created Last 30 ================
.
2011-03-23 00:25:03 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 00:25:03 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 00:25:02 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-13 00:02:29 -------- d-----w- c:\users\myron\appdata\roaming\KeePass
2011-03-12 23:57:46 -------- d-----w- c:\program files\KeePass Password Safe 2
2011-03-12 12:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 12:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-09 15:09:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 15:09:02 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 15:09:02 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 15:09:02 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 15:08:59 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 15:08:59 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-07 22:03:11 330360 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys
2011-03-07 22:03:11 295032 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symnets.sys
2011-03-07 22:03:10 652336 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symefa.sys
2011-03-07 22:03:10 509560 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\srtsp.sys
2011-03-07 22:03:10 50168 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\srtspx.sys
2011-03-07 22:03:10 340016 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symds.sys
2011-03-07 22:03:09 136312 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys
2011-03-07 22:02:46 -------- d-----w- c:\windows\system32\drivers\nis\1205000.07D
2011-03-07 21:35:50 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-07 21:35:50 -------- d-----w- c:\program files\Symantec
2011-03-07 21:35:24 -------- d-----w- c:\windows\system32\drivers\NIS
2011-03-07 21:35:21 -------- d-----w- c:\program files\Norton Internet Security
2011-03-07 21:34:58 -------- d-----w- c:\program files\NortonInstaller
.
==================== Find3M ====================
.
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-18 22:28:03 709456 ----a-w- c:\windows\is-9RQDG.exe
2011-01-16 13:46:46 258352 ----a-w- c:\windows\system32\unicows.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x89078439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8907e7d0]; MOV EAX, [0x8907e84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x84862912] -> \Device\Harddisk0\DR0[0x89052A00]
3 CLASSPNP[0x853B08B3] -> ntkrnlpa!IofCallDriver[0x84862912] -> [0x881AF900]
5 acpi[0x807C16BC] -> ntkrnlpa!IofCallDriver[0x84862912] -> [0x881B4028]
\Driver\iaStor[0x8905EF38] -> IRP_MJ_CREATE -> 0x89078439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD2500BEVS-22UST0___________________01.01A01#4&2174dca&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 23:49:15.24 ===============
Attach file as follows:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 30/11/2009 03:24:06
System Uptime: 05/04/2011 23:20:38 (0 hours ago)
.
Motherboard: Acer | | Aspire 6920
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1995/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 111 GiB total, 15.797 GiB free.
D: is FIXED (NTFS) - 108 GiB total, 36.333 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
.
==== Image File Execution Options =============
.
IFEO: acervcm.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: decryption.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: eaudio.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: edstbmngr.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: framework.launcher.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: uninstall.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
.
==== Installed Programs ======================
.
.
ABBYY FineReader 6.0 Sprint
Acer Arcade Deluxe
Acer Bio Protection
Acer Crystal Eye webcam Ver:1.1.58.429
Acer eAudio Management
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer VCM
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Agere Systems HDA Modem
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Bonjour
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Conduit Engine
DAEMON Tools Toolbar
Deadly Sin
Deadly Sin 2 Shining Faith 1.00
Definition update for Microsoft Office 2010 (KB982726)
DivX Setup
EA Download Manager
ECM (Error Code Modeler)
Epson Easy Photo Print 2
Epson Event Manager
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX210 Series Printer Uninstall
Facebook Plug-In
FLAC 1.2.1b (remove only)
Gadwin PrintScreen
GearDrvs
Glary Utilities 2.29.0.1032
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
Internet Download Manager
IrfanView (remove only)
ITECIR Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 21
JMicron JMB38X Flash Media Controller
K-Lite Mega Codec Pack 3.6.5
KeePass Password Safe 2.14
Kies
Launch Manager
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v. 1.3.1249.0
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.16)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Next Generation Visualisations
Norton 360
Norton Internet Security
Oliveair Games
PCSX2 - Playstation 2 Emulator
QuickTime
Rapport
Realtek High Definition Audio Driver
SAMSUNG USB Driver for Mobile Phones
Sandboxie 3.42
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Sims3 Package Editor
Skins
Skype Toolbars
Skype™ 4.2
Synaptics Pointing Device Driver
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Late Night
The Sims™ 3 World Adventures
TuneUp Utilities 2008
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2289116)
Validity Sensors software
VC80CRTRedist - 8.0.50727.4053
Vuze Remote Toolbar
WIDCOMM Bluetooth Software 6.0.1.5000
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinPatrol 2009
WinPcap 4.1.1
WinRAR archiver
Xvid 1.2.2 final uninstall
.
==== End Of File ===========================