Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Definitely infected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Definitely infected

Unread postby Repulse_Monkey » May 1st, 2012, 5:17 pm

Description of problems:
So, after getting Microsoft Security Essentials on this thing, it says it found Sirefef.Y,AB,J,U, and P, and also Alureon.FP.

Google search results are being redirected, and when I have MSE or MBAM fix the problems, the system won't boot and I have to go back to any restore point.

Avast was installed, but it expired, and is now disabled for some reason. I got tired of uninstalling it after every restore, so it's still there, even though I also have MSE. I can get rid of either, or both.

I have pasted both DDS and Attach. Thanks for looking at this!

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by maria at 13:58:06 on 2012-05-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4059.2594 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system32\fxssvc.exe
C:\windows\system32\rstrui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\windows\system32\taskeng.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\windows\system32\conhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
C:\Users\maria\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\maria\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\regedit.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\windows\SysWOW64\ping.exe
C:\windows\SysWOW64\ping.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\conhost.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSNA
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [BIBLauncher] C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
uRun: [Akamai NetSession Interface] "C:\Users\maria\AppData\Local\Akamai\netsession_win.exe"
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun: [bTyuRufPNhEo.exe] C:\ProgramData\bTyuRufPNhEo.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
StartupFolder: C:\Users\maria\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pmievents.webex.com/client/T27L ... atgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94AF89A-58B3-4876-AD7F-2F38B152A8B4} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun-x64: [bTyuRufPNhEo.exe] C:\ProgramData\bTyuRufPNhEo.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\q5uouc6f.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://lf.startnow.com/?src=startpage&p ... .1-x64-SP0
FF - prefs.js: keyword.URL - hxxp://lf.startnow.com/s/?src=addrbar&p ... x64-SP0&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\q5uouc6f.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\maria\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: PMI Toolbar: pmitoolbar@toolbarexpressway.com - %profile%\extensions\pmitoolbar@toolbarexpressway.com
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 PMCF;PMCF;\??\C:\windows\system32\drivers\PMCF.sys --> C:\windows\system32\drivers\PMCF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-7-16 517632]
R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-12-15 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S1 nqcvmauy;nqcvmauy;\??\C:\windows\system32\drivers\nqcvmauy.sys --> C:\windows\system32\drivers\nqcvmauy.sys [?]
S1 wocxigmo;wocxigmo;\??\C:\windows\system32\drivers\wocxigmo.sys --> C:\windows\system32\drivers\wocxigmo.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-18 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-11 135664]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-18 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-18 40384]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-11 135664]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
SUnknown yvzqsrsm;yvzqsrsm; [x]
.
=============== Created Last 30 ================
.
2012-05-01 20:50:17 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{530C01B6-5358-4869-8572-84E086E222B6}\offreg.dll
2012-05-01 20:48:51 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{530C01B6-5358-4869-8572-84E086E222B6}\mpengine.dll
2012-04-30 16:50:02 50000 ----a-w- C:\windows\System32\drivers\wocxigmo.sys
2012-04-30 16:47:45 50000 ----a-w- C:\windows\System32\drivers\nqcvmauy.sys
2012-04-30 16:45:15 8917360 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-30 06:35:41 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-30 06:09:34 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-30 06:07:04 -------- d-----w- C:\ProgramData\PC Tools
2012-04-30 06:07:01 -------- d-----w- C:\Users\maria\AppData\Roaming\TestApp
2012-04-27 06:50:44 50000 ----a-w- C:\windows\System32\drivers\yvzqsrsm.sys
2012-04-27 06:50:12 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E5C4BABB-A8B8-4023-8EC0-7CE88B4BAC8B}\offreg.dll
2012-04-27 06:48:48 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BB36C9A-13F9-4AB7-9597-D1A16C989692}\gapaengine.dll
2012-04-27 06:48:44 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E5C4BABB-A8B8-4023-8EC0-7CE88B4BAC8B}\mpengine.dll
2012-04-27 06:47:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-27 06:47:51 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-27 06:12:30 88064 ----a-w- C:\ProgramData\E027A1A4.exe
2012-04-27 06:00:01 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-27 06:00:00 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-27 06:00:00 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-26 04:06:26 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-26 01:31:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-25 22:56:24 -------- d-----w- C:\Program Files (x86)\Windows Resource Kits
2012-04-25 06:04:09 -------- d-sh--w- C:\found.000
2012-04-25 05:53:34 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
2012-04-21 22:13:25 14744 ----a-w- C:\Users\maria\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2012-04-21 21:36:42 -------- d-----we C:\windows\system64
2012-04-14 16:07:11 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-14 16:07:11 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-14 16:07:11 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-14 16:07:10 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-14 16:07:10 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-14 16:07:10 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-14 16:07:10 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-13 14:51:38 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{297AA027-2103-4748-8DF5-EDBE1C04197E}\mpengine.dll
.
==================== Find3M ====================
.
2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-21 03:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-07 18:02:40 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 13:59:09.15 ===============

Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/11/2010 9:07:59 AM
System Uptime: 4/30/2012 9:40:24 AM (28 hours ago)
.
Motherboard: TOSHIBA | | To be filled by O.E.M.
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 405.848 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP521: 4/26/2012 10:59:38 PM - Windows Update
RP522: 4/26/2012 11:51:15 PM - after mse installation
RP523: 4/29/2012 11:19:19 PM - Windows Update
RP524: 4/30/2012 9:44:35 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon Links
AT&T Yahoo! Browser Configuration
ATT-RC Self Support Tool
Bejeweled 2 Deluxe
Blackhawk Striker 2
Business-in-a-Box
Compatibility Pack for the 2007 Office system
Direct DiscRecorder
DVD MovieFactory for TOSHIBA
Faerie Solitaire
FATE Undiscovered Realms
FoxTab PDF Converter
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java(TM) 6 Update 14
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Monopoly
Mozilla Firefox (3.6.13)
MSVCRT
Mystery P.I. - The Vegas Heist
NetZero Launcher
Polar Bowler
Quickbooks Financial Center
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RICOH R5U230 Media Driver ver.2.07.03.02
RoboForm 7-2-5 (All Users)
Scrabble Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype Launcher
Skype Toolbars
Skype™ 4.2
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - The Secret City
WebEx
WildTangent Games
WildTangent ORB Game Console
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
5/1/2012 1:38:17 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/30/2012 9:58:13 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147651866 Name: Trojan:Win64/Sirefef.J ID: 2147651866 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\temp\U\00000002.$;file:_C:\Windows\assembly\temp\U\00000002.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.125.839.0, AS: 1.125.839.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8304.0, NIS: 2.0.8001.0
4/30/2012 9:41:20 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/30/2012 9:41:19 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/30/2012 9:41:17 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/30/2012 9:41:12 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.125.655.0;1.125.655.0 Engine version: 1.1.8304.0
4/30/2012 1:33:07 AM, Error: Service Control Manager [7038] - The MsMpSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/30/2012 1:33:07 AM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not start due to a logon failure.
4/30/2012 1:32:52 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/30/2012 1:32:30 AM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: alternateshell:HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\\AlternateShell
4/30/2012 1:32:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
4/30/2012 1:32:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
4/29/2012 11:15:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7034] - The Nsctop service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 11:13:08 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2012 11:13:08 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2012 11:12:23 PM, Error: PCTCore [280] -
4/27/2012 12:40:37 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147651866 Name: Trojan:Win64/Sirefef.J ID: 2147651866 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\temp\U\00000002.$;file:_C:\Windows\assembly\temp\U\00000002.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.125.655.0, AS: 1.125.655.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8304.0, NIS: 2.0.8001.0
4/27/2012 12:23:29 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.125.655.0;1.125.655.0 Engine version: 1.1.8304.0
4/26/2012 11:59:15 PM, Error: Service Control Manager [7023] - The Nsctop service terminated with the following error: Access is denied.
4/26/2012 11:57:21 PM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: alternateshell:HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\\AlternateShell
4/26/2012 11:57:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
4/26/2012 11:57:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
4/26/2012 11:21:05 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
4/25/2012 9:06:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
4/25/2012 9:06:56 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/25/2012 8:53:14 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/25/2012 8:53:14 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
4/25/2012 8:53:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
4/25/2012 5:59:41 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/25/2012 5:40:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
4/25/2012 11:36:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031d37da, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 042512-27830-01.
4/25/2012 11:24:21 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
4/24/2012 10:47:43 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume TI105550W0F.
4/24/2012 10:37:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/24/2012 10:37:27 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Repulse_Monkey
Active Member
 
Posts: 2
Joined: May 1st, 2012, 4:53 pm
Advertisement
Register to Remove

Re: Definitely infected

Unread postby Gary R » May 2nd, 2012, 1:23 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Definitely infected

Unread postby Gary R » May 2nd, 2012, 1:25 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Repulse_Monkey

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Your DDS logs clearly show that your computer is infected with the "Zero Access" rootkit infection.

This means your attacker may have full remote access to your computer and can use it as if he were sat in front of it.

You are strongly advised to do the following immediately:

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, and financial institutions. Inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information.

IF YOU USE THIS COMPUTER FOR ONLINE BANKING OR OTHER FINANCIAL TRANSACTIONS, OR HAVE DATA OF A CONFIDENTIAL NATURE ON IT, MY RECOMMENDATION IS THAT YOU RE-FORMAT AND RE-INSTALL YOUR OPERATING SYSTEM AND PROGRAMMES. WE CAN NEVER BE TOTALLY SURE WE HAVE GOT RID OF ALL MODIFICATIONS WHICH MAY HAVE BEEN MADE BY THE ATTACKER, AND THEREFORE CANNOT GUARANTEE THE SAFETY OF YOUR DATA.

If you don't have the resources to reinstall your OS and/or would like me to attempt to clean your machine, I'll be happy to do so.

To help you decide, please take some time to read the following articles, then let me know how you want to proceed.

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
Restoring your backups
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Definitely infected

Unread postby Repulse_Monkey » May 2nd, 2012, 1:33 am

I can't take any risks, so I will be doing a complete reinstall. Thanks for taking a look at it for me.
Repulse_Monkey
Active Member
 
Posts: 2
Joined: May 1st, 2012, 4:53 pm

Re: Definitely infected

Unread postby Gary R » May 2nd, 2012, 1:55 am

Once you've backed up your personal files and folders to an external device, a reformat is probably the best option to take.

Removing the infection itself is not usually too difficult, but remedying the incidental damage it does can frequently be difficult and time consuming, and sometimes impossible to achieve without a reformat.

Once you have reformatted your computer, please read .... Computer Security - a short guide to staying safer online .... which should give you some advice on how to secure your computer against future infections.

Since you've decided to reformat there's nothing else we can help you with, so .....

THIS TOPIC IS NOW CLOSED
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 113 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware