
Solve : can't get rid of virus/rootkit infection - need help...?


hi,

I was in a hurry last Friday (Apr 23) and accidentally clicked on an email link instead of deleting the email - not sure what short circuit happened in my brain at that moment. My Acrobat opened and I immediately went to shut off my internet, but it was too late. I can no longer access Windows Update, and any Google links that would potentially provide help either will not load or redirect to some sleazy ads. I have tried numerous scans this past week to get rid of it, but I'm still pretty much back at square one.

Here is what I have tried:
- MBAM: initially found a few backdoor bots and whatnot and got rid of them. Since then, it has found nothing, even with the latest updates.

- SAS: found a couple of things, but has found nothing since.

- Hitman pro 3.5: found nothing.

- Windows Defender: I manually updated it today (as the rootkit blocks its auto update) and it found nothing.

- PestPatrol: found nothing

- Trendmicro online scanner: found nothing

- ESET online scanner: found nothing.

- MS onecare online scanner: keeps finding "severe threats" but can't remove them and doesn't give me any info about them.

- GMER: found suspicious modifications of "atapi.sys" and "acpiec.sys"

I strongly suspect that I have been hit with a new variant of the TDSS rootkit, TDL3 (TDL4?), as indicated by my GMER log, but when I ran TDSSKiller from Kaspersky, it did not find any infections; yet I still have all the SYMPTOMS of a TDSS rootkit infection.

Here are my GMER and DDS reports.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-29 21:05:04
Windows 5.1.2600 Service Pack 2
Running: 1z0hdkjw(gmer).exe; Driver: C:\DOCUME~1\~\LOCALS~1\Temp\pwdoikob.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc           C:\WINDOWS\system32\drivers\ACPIEC.sys                                     entry point in ".rsrc" section [0xBACC6194]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!NtProtectVirtualMemory     7C90D6EE 5 Bytes  JMP 0097000A
.text           C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!NtWriteVirtualMemory       7C90DFAE 5 Bytes  JMP 0098000A
.text           C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!KiUserExceptionDispatcher  7C90E47C 5 Bytes  JMP 0096000C
.text           C:\WINDOWS\System32\svchost.exe[1304] USER32.dll!GetCursorPos              7E41BD76 5 Bytes  JMP 028D000A
.text           C:\WINDOWS\System32\svchost.exe[1304] ole32.dll!CoCreateInstance           774FFAC3 5 Bytes  JMP 0280000A
.text           C:\WINDOWS\Explorer.EXE[3256] ntdll.dll!NtProtectVirtualMemory             7C90D6EE 5 Bytes  JMP 00B5000A
.text           C:\WINDOWS\Explorer.EXE[3256] ntdll.dll!NtWriteVirtualMemory               7C90DFAE 5 Bytes  JMP 00C3000A
.text           C:\WINDOWS\Explorer.EXE[3256] ntdll.dll!KiUserExceptionDispatcher          7C90E47C 5 Bytes  JMP 00B4000C

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                     SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                   SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                  SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                  SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)

Device           -> \Driver\atapi \Device\Harddisk0\DR0                                    8A60BAC8

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\system32\drivers\ACPIEC.sys                                     suspicious modification
File            C:\WINDOWS\system32\drivers\atapi.sys                                      suspicious modification

---- EOF - GMER 1.0.15 ----

*****************************************************************


DDS (Ver_10-03-17.01) - NTFSx86 
Run by ~ at 15:03:12.65 on Thu 04/29/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2038.1133 [GMT -4:00]

FW: Norton Internet Worm Protection *disabled*   {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Utilities\Security\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Utilities\Security\NAV2003\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Utilities\Security\PestPatrol\PPActiveDetection.exe
C:\Utilities\Canon\OmniPageSE2.0\OpwareSE2.exe
C:\Utilities\Security\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Utilities\Media Players\Quicktime v7.1.3\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Productivity\Adobe\Acrobat 6 Pro\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Utilities\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\~\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uWindows: run=""
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\utilities\security\nav2003\NavShExt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\productivity\adobe\acrobat 6 pro\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\productivity\adobe\acrobat 6 pro\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [eTrust PestPatrol Active Protection] "c:\utilities\security\pestpatrol\PPActiveDetection.exe"
mRun: [Sony Ericsson PC Suite] "c:\utilities\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [OpwareSE2] "c:\utilities\canon\omnipagese2.0\OpwareSE2.exe"
mRun: [Windows Defender] "c:\utilities\security\windows defender\MSASCui.exe" -hide
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [QuickTime Task] "c:\utilities\media players\quicktime v7.1.3\qttask.exe" -atboottime
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\productivity\adobe\acrobat 6 pro\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: E&xport to Microsoft Excel - c:\produc~1\office11\office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\produc~1\office11\office12\REFIEBAR.DLL
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345}
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162477309765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272005459953
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://feiportal.feico.com/InternalSite/WhlCompMgr.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\utilities\security\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\utilit~1\security\window~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\utilities\security\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli fusstub
Hosts: 207.170.206.71   feiportal.feico.com
============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-3-22 9216]
R1 SASDIFSV;SASDIFSV;c:\utilities\security\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\utilities\security\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-8-8 308936]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\utilities\security\nav2003\NAVAPSVC.EXE [2002-8-19 116336]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2002-7-25 35552]
R2 WinDefend;Windows Defender;c:\utilities\security\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-3-22 36352]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091223.003\NAVENG.Sys [2009-12-23 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091223.003\NavEx15.Sys [2009-12-23 1323568]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2002-7-25 235744]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-3-22 29184]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-3-22 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-3-22 226304]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-14 54408]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-8-19 63176]
S3 DiMeiMC;MEI MC Stage;c:\windows\system32\drivers\DiMeiMC.sys [2008-6-12 7832]
S3 DMService;Whale Component Manager;c:\windows\downlo~1\DMService.exe [2008-11-25 423576]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\plcndis5.sys --> c:\windows\system32\PLCNDIS5.SYS [?]
S3 SASENUM;SASENUM;c:\utilities\security\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [2006-11-4 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [2006-11-4 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [2006-11-4 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [2006-11-4 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [2006-11-4 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [2006-11-4 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [2006-11-4 90800]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\~\my documents\inter-tel\collaboration client 2.0\lkWebLink.exe [2008-9-15 32768]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-04-29 19:00:10   0   ----a-w-   c:\documents and settings\~\defogger_reenable
2010-04-26 18:49:08   0   d-----w-   c:\program files\ESET
2010-04-26 02:08:58   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-26 02:08:50   0   d-----w-   c:\docume~1\~\applic~1\SUPERAntiSpyware.com
2010-04-26 02:08:03   0   d-----w-   c:\program files\common files\Wise Installation Wizard
2010-04-26 00:38:46   12872   ----a-w-   c:\windows\system32\bootdelete.exe
2010-04-26 00:11:21   15944   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
2010-04-26 00:10:30   0   d-----w-   c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-04-26 00:10:29   0   d-----w-   c:\program files\Hitman Pro 3.5
2010-04-23 19:41:09   45   ----a-w-   c:\windows\system32\_WKERNEL.FRE
2010-04-23 19:40:48   56496   ----a-w-   c:\windows\system32\wbhelp2.dll
2010-04-23 19:40:48   544768   ----a-w-   c:\windows\system32\wbocx.ocx
2010-04-23 19:40:47   4608   ----a-w-   c:\windows\system32\W95INF32.DLL
2010-04-23 19:40:47   439   ----a-w-   c:\windows\system32\shfolder.inf
2010-04-23 19:40:47   33968   ----a-w-   c:\windows\system32\anim.dll
2010-04-23 19:40:47   258352   ----a-w-   c:\windows\system32\unicows.dll
2010-04-23 19:40:47   2272   ----a-w-   c:\windows\system32\W95INF16.DLL
2010-04-13 06:07:41   0   d-----w-   C:\AMTtempImages
2010-04-13 06:06:55   168720   ----a-w-   c:\windows\system32\MSLTUS35.DLL
2010-04-13 06:06:51   0   d-----w-   C:\AMThistory
2010-04-13 06:06:51   0   d-----w-   C:\AmtCommon
2010-04-13 06:06:51   0   d-----w-   C:\Amt600

==================== Find3M  ====================

2010-03-30 07:46:30   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45:52   20824   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-03-11 12:38:54   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-03-11 12:38:52   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38:51   17408   ------w-   c:\windows\system32\corpol.dll
2010-03-09 11:09:18   430080   ----a-w-   c:\windows\system32\vbscript.dll
2010-03-09 08:28:20   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-02-24 14:16:06   181632   ------w-   c:\windows\system32\MpSigStub.exe
2010-02-16 17:35:40   2143744   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 16:57:54   2021888   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47:05   100864   ----a-w-   c:\windows\system32\6to4svc.dll
2008-12-27 06:43:08   32   --sha-w-   c:\windows\{27605EE2-0707-4CF3-BB1C-E808AD90E4BC}.dat
2008-12-27 06:43:08   32   --sha-w-   c:\windows\system32\{F5E374BF-C6B5-407C-A685-94751F290334}.dat

============= FINISH: 15:04:56.70 ===============

**************************************************************


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/2/2006 3:39:15 AM
System Uptime: 4/29/2010 11:55:35 AM (4 hours ago)

Motherboard: Sony Corporation |  | VAIO                           
Processor: Genuine Intel(R) CPU           T2400  1.83GHz | N/A | 1833/166mhz
Processor: Genuine Intel(R) CPU           T2400  1.83GHz | N/A | 1833/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 5.085 GiB free.
D: is Removable
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office system
ACT!
AddressGrabber Standard
AddressGrabber Standard 3.5
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
AMT Image Capture Engine
AnyDVD
Apple Mobile Device Support
Apple Software Update
Audiograbber 1.83 SE
Bluetooth Stack for Windows by Toshiba
Bonjour
CA eTrust PestPatrol
Canon MP Navigator 2.2
Canon MP530
Canon Utilities Easy-PhotoPrint
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.32
Collaboration Client 2.0
Compatibility Pack for the 2007 Office system
Content Transfer
DSD Direct
DSD Playback Plug-in 1.0
DSPDriver
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVgate Plus
Easy-WebPrint
Eraser
ESET Online Scanner v3
FileZilla Client 3.2.4.1
Fingerprint Tutorial
GOM Player
GoToMeeting 4.0.0.320
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Image Converter 2 Plus
ImageJ
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
IsoBuster 2.1
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 19
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LAN Setting Utility
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
MAGIC M4A to MP3 Converter 3.1
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
Memory Stick Formatter
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Data Access Components KB870669
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
mIWA
mLogView
mMHouse
Move Networks Media Player for Internet Explorer
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
mZConfig
NanoDrive
Nanoscope 5.30r3sr3
Nanoscope 5.31r1
Nanoscope 8.0
NanoScope Analysis
National Instruments Software
Nero 6 Enterprise Edition
NI LabVIEW Run-Time Engine 7.1
Norton AntiVirus 2003
NVIDIA Drivers
NWZ-E340 WALKMAN Guide
Office 2003 Trial Assistant
Office Password Recovery Toolbox 2.0
OmniPage SE 2.0
OpenMG Secure Module 4.4.00
Presto! PageManager 7.15.11
Protector Suite QL 5.3
Quicken 2006
QuickTime
QuoteWerks 3.0 Node
QuoteWerks 4.0 MS CRM link
QuoteWerks 4.0 Node
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Setting Utility Series
SigmaTel Audio
SonicStage 3.4
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony Ericsson PC Suite
Sony Ericsson Wireless Modem
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Super Flexible File Synchronizer v4.75
SUPERAntiSpyware Free Edition
TexasInstVCPDriver
TPM Tutorial
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Service
v720
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO HDD Protection
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
VC8 MERGE Modules
VC9 Merge Modules
Vision 4.10
Vision 4.10 Advanced Analyses
Vision 4.10 Update 1
vPod (Remove Only)
WebFldrs XP
Whale Communications' Client Components v3.7.1
Winamp (remove only)
Windows Defender
Windows Driver Package - Digital Instruments, Inc (umpusbxp) MultiportSerial  (11/01/2004 1.2.11.03)
Windows Driver Package - NVIDIA (nv) Display  (06/20/2006 8.4.9.1)
Windows Driver Package - Sheldon Instruments (SIPLXWDM) SIPLXWDM  (01/12/2006 )
Windows Driver Package - Texas Instruments (umpusbxp) Ports  (11/01/2004 1.2.11.03)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Hotfix - KB307154
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
WinRAR archiver
WinUtilities 9.58 Free Edition
WinZip
Wireless Switch Setting Utility

==== Event Viewer Messages From Past Week ========

4/29/2010 11:47:32 AM, error: Dhcp [1002]  - The IP address lease 172.16.61.150 for the Network Card with network address 00130235A550 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/27/2010 7:00:42 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service ccPwdSvc with arguments "" in order to run the server: {DBA28A20-5CE1-4E8D-AD35-418B62269E54}
4/27/2010 6:43:45 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.100 for the Network Card with network address 00130235A550 has been denied by the DHCP server 172.16.48.1 (The DHCP Server sent a DHCPNACK message).
4/27/2010 5:46:29 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.101 for the Network Card with network address 00130235A550 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/25/2010 10:16:37 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/25/2010 10:16:09 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/25/2010 10:05:41 PM, error: Print [6161]  - The document http://www.bleepingcomputer.com/forums/topic311974.html owned by ~ failed to print on printer Canon MP530 Series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1769472. Number of bytes printed: 273004. Total number of pages in the document: 9. Number of pages printed: 0. Client machine: \\SFR_LAPTOP08. Win32 error code returned by the print processor: 6 (0x6).
4/23/2010 3:26:10 PM, error: Ftdisk [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/23/2010 3:26:10 PM, error: Ftdisk [45]  - The system could not sucessfully load the crash dump driver.
4/22/2010 9:53:56 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.100 for the Network Card with network address 00130235A550 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


I'm at my wits end and I'm still no where near killing this bugger.  Any help would be much appreciated.

Thanks.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Thank you for the reply.  I ran ComboFix and it *seems* to have worked.
I can now go onto Windows Update again.  Here is the ComboFix log, please let me know if there is anything in there that indicates it might still be infected.  I'm going to run GMER again just in case.  Let me know if you want that log posted also.

*************************************************************
ComboFix 10-05-01.04 - ~ 05/01/2010  20:50:03.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2038.1500 [GMT -4:00]
Running from: c:\documents and settings\~\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
C:\install.exe
c:\program files\WindowsUpdate
c:\recycler\S-1-5-21-1248417570-2269146281-292178343-500
c:\recycler\S-1-5-21-2308831925-2314612040-1759109179-500
c:\windows\jestertb.dll
c:\windows\setup.exe
c:\windows\Sonysys\VAIO Recovery\PartSeal.exe
c:\windows\system32\fusstub.dll

Infected copy of c:\windows\system32\drivers\acpiec.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
(((((((((((((((((((((((((   Files Created from 2010-04-02 to 2010-05-02  )))))))))))))))))))))))))))))))
.

2010-05-02 00:29 . 2010-05-02 00:35   --------   d-----w-   C:\CoboFix
2010-04-30 20:07 . 2004-08-04 12:00   95360   ----a-w-   C:\atapi.sys
2010-04-26 18:49 . 2010-04-26 18:49   --------   d-----w-   c:\program files\ESET
2010-04-26 02:08 . 2010-04-26 02:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-26 02:08 . 2010-04-26 02:08   --------   d-----w-   c:\documents and settings\~\Application Data\SUPERAntiSpyware.com
2010-04-26 02:08 . 2010-04-26 02:08   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-04-26 00:38 . 2010-04-26 00:38   12872   ----a-w-   c:\windows\system32\bootdelete.exe
2010-04-26 00:11 . 2010-04-30 14:07   15944   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
2010-04-26 00:10 . 2010-04-26 00:38   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-26 00:10 . 2010-04-26 00:10   --------   d-----w-   c:\program files\Hitman Pro 3.5
2010-04-24 21:35 . 2010-04-30 07:45   --------   d-----w-   c:\program files\Windows Live Safety Center
2010-04-23 19:40 . 2007-08-31 16:52   56496   ----a-w-   c:\windows\system32\wbhelp2.dll
2010-04-23 19:40 . 2007-08-31 16:52   33968   ----a-w-   c:\windows\system32\anim.dll
2010-04-23 19:40 . 2004-12-07 14:11   258352   ----a-w-   c:\windows\system32\unicows.dll
2010-04-23 19:40 . 1999-11-22 19:50   4608   ----a-w-   c:\windows\system32\W95INF32.DLL
2010-04-23 19:40 . 1999-11-22 19:50   2272   ----a-w-   c:\windows\system32\W95INF16.DLL
2010-04-13 06:07 . 2010-04-13 06:07   --------   d-----w-   C:\AMTtempImages
2010-04-13 06:06 . 1999-09-10 05:06   168720   ----a-w-   c:\windows\system32\MSLTUS35.DLL
2010-04-13 06:06 . 2010-04-13 06:07   --------   d-----w-   C:\AMThistory
2010-04-13 06:06 . 2010-04-13 06:06   --------   d-----w-   C:\AmtCommon
2010-04-13 06:06 . 2010-04-13 06:06   --------   d-----w-   C:\Amt600

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 01:32 . 2008-12-27 06:41   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-05-02 00:15 . 2008-03-12 01:07   --------   d-----w-   c:\documents and settings\~\Application Data\Canon
2010-04-29 19:39 . 2008-07-28 15:03   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-06-04 16:49   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-04-27 05:14 . 2006-11-02 16:46   --------   d-----w-   c:\documents and settings\~\Application Data\AdobeUM
2010-04-15 20:38 . 2009-01-15 16:32   --------   d-----w-   c:\documents and settings\~\Application Data\FileZilla
2010-04-09 16:02 . 2006-03-22 23:00   --------   d-----w-   c:\program files\Common Files\Java
2010-04-09 16:01 . 2006-03-22 23:00   --------   d-----w-   c:\program files\Java
2010-03-11 12:38 . 2006-03-22 17:56   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2006-03-22 17:56   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2006-03-22 17:56   17408   ------w-   c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-03-22 17:56   430080   ----a-w-   c:\windows\system32\vbscript.dll
2010-03-09 08:28 . 2009-02-24 14:27   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-03-08 00:30 . 2007-03-31 18:22   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
2010-03-04 22:56 . 2007-01-11 18:31   --------   d-----w-   c:\documents and settings\~\Application Data\U3
2010-02-24 14:16 . 2009-10-04 05:23   181632   ------w-   c:\windows\system32\MpSigStub.exe
2010-02-24 12:31 . 2006-03-22 17:56   454016   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 17:35 . 2006-03-22 17:56   2143744   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 16:57 . 2004-08-03 22:59   2021888   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2006-03-22 17:56   100864   ----a-w-   c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2006-03-22 17:56   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
2004-03-15 22:51 . 2004-03-15 22:51   114688   ----a-w-   c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2008-12-25 21:45 . 2008-12-25 21:45   0   --sh--w-   c:\windows\S3A6D9F76.tmp
2008-12-27 06:43 . 2008-12-27 06:43   32   --sha-w-   c:\windows\{27605EE2-0707-4CF3-BB1C-E808AD90E4BC}.dat
2008-12-27 06:43 . 2008-12-27 06:43   32   --sha-w-   c:\windows\system32\{F5E374BF-C6B5-407C-A685-94751F290334}.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-01-26 212992]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 700416]
"eTrust PestPatrol Active Protection"="c:\utilities\Security\PestPatrol\PPActiveDetection.exe" [2004-09-27 106496]
"Sony Ericsson PC Suite"="c:\utilities\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"OpwareSE2"="c:\utilities\Canon\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Windows Defender"="c:\utilities\Security\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 34504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"QuickTime Task"="c:\utilities\Media Players\Quicktime v7.1.3\qttask.exe" [2009-05-26 413696]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-04-30 5937984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\productivity\Adobe\Acrobat 6 Pro\Distillr\acrotray.exe [2003-10-24 217194]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-22 1765376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\utilities\Security\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\utilities\Security\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-08-12 00:09   73728   ----a-w-   c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Productivity\\Office11\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nanoscope\\v720\\DspNsSimulator.exe"=
"c:\\Program Files\\Common Files\\QuoteWerks\\QWWebConnector4.exe"=
"c:\\Program Files\\Whale Communications\\Client Components\\3.1.0\\WhlClnt3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Utilities\\Media Players\\iTunes v8.1.1\\iTunes.exe"=
"c:\\Utilities\\FTP Clients\\FileZilla FTP Client\\filezilla.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [3/22/2006 1:57 PM 9216]
R1 SASDIFSV;SASDIFSV;c:\utilities\Security\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\utilities\Security\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 10:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 10:13 PM 33024]
R2 WinDefend;Windows Defender;c:\utilities\Security\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [3/22/2006 1:57 PM 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/22/2006 1:57 PM 29184]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [3/22/2006 1:57 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [3/22/2006 1:57 PM 226304]
S3 DiMeiMC;MEI MC Stage;c:\windows\system32\drivers\DiMeiMC.sys [6/12/2008 3:52 PM 7832]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [11/25/2008 12:30 PM 423576]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS --> c:\windows\system32\PLCNDIS5.SYS [?]
S3 SASENUM;SASENUM;c:\utilities\Security\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [11/4/2006 8:18 PM 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [11/4/2006 8:19 PM 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [11/4/2006 8:19 PM 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [11/4/2006 8:21 PM 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [11/4/2006 8:23 PM 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [11/4/2006 8:20 PM 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [11/4/2006 8:22 PM 90800]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\~\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [9/15/2008 10:35 AM 32768]
.
Contents of the 'Scheduled Tasks' folder

2010-05-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\utilities\Security\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-05-02 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-12-27 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\produc~1\Office11\Office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-VAIO Recovery - c:\windows\Sonysys\VAIO Recovery\PartSeal.exe
HKLM-Run-PartSeal - c:\windows\Sonysys\VAIO Recovery\PartSeal.exe
Notify-psfus - fusstub.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 21:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1208)
c:\utilities\Security\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\utilities\Canon\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\utilities\Security\NAV2003\navapsvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\utilities\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\Common Files\Symantec Shared\NMain.exe
.
**************************************************************************
.
Completion time: 2010-05-01  21:42:52 - machine was rebooted
ComboFix-quarantined-files.txt  2010-05-02 01:42

Pre-Run: 5,244,211,200 bytes free
Post-Run: 5,410,398,208 bytes free

- - End Of File - - 2C8102964AEC911BA4B7D668F149F0C0

Thanks again!
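The "Reg Loading Points" section of the ComboFix log above records two settings a defender would want to notice alongside the removed driver: Security Center's antivirus alerting is overridden (`"AntiVirusOverride"=dword:00000001`) and the Windows Firewall standard profile is off (`"EnableFirewall"= 0 (0x0)`). The following is an added example, not ComboFix's own code and not something posted in this thread: a small parser for that section that flags those two settings and lists the firewall exception entries. The sample text is an excerpt copied from the log above, and the table of value names to check is an assumption limited to the two settings visible there.

```python
"""Flag security settings that a ComboFix 'Reg Loading Points' section shows
as weakened.  Added example, not part of ComboFix or of this thread."""
import re
from typing import Dict, List, Tuple, Union

# Constructed sample: the security-relevant lines copied from the ComboFix
# log posted in this thread.  Raw string, so the log's backslashes stay as-is.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')

Value = Union[int, str]


def decode_value(raw: str) -> Value:
    """Turn ComboFix's value renderings into Python values.

    'dword:00000001' -> 1, '0 (0x0)' -> 0; anything else is kept as text
    ('' for the bare entries of the firewall exception list)."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return raw


def parse_reg_points(text: str) -> Dict[str, Dict[str, Value]]:
    """Map each registry key (lower-cased path) to the values listed under it."""
    keys: Dict[str, Dict[str, Value]] = {}
    current = None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current = km.group("key").lower()
            keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group("name")] = decode_value(vm.group("raw"))
    return keys


# (key path suffix, value name, value meaning 'defence weakened', explanation).
# Assumption: limited to the two settings that appear in the posted log.
WEAK_SETTINGS: List[Tuple[str, str, int, str]] = [
    ("security center", "AntiVirusOverride", 1,
     "Security Center alerting for the antivirus state is suppressed"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0,
     "Windows Firewall is turned off for the standard profile"),
]


def find_weak_settings(text: str) -> List[Tuple[str, Value, str]]:
    """Return (value name, value, explanation) for each weakened setting."""
    findings = []
    for path, values in parse_reg_points(text).items():
        for suffix, name, weak, why in WEAK_SETTINGS:
            if path.endswith(suffix) and values.get(name) == weak:
                findings.append((name, values[name], why))
    return findings


def firewall_exceptions(text: str) -> List[str]:
    """Programs allowed through the firewall (the AuthorizedApplications list)."""
    for path, values in parse_reg_points(text).items():
        if path.endswith("authorizedapplications\\list"):
            return list(values)
    return []


if __name__ == "__main__":
    for name, value, why in find_weak_settings(SAMPLE_LOG):
        print(f"{name}={value}: {why}")
    print("firewall exceptions:", firewall_exceptions(SAMPLE_LOG))
```

Both findings are worth re-checking after the cleanup: the override value means Security Center stays quiet if the antivirus is off, and a disabled firewall profile leaves the exception list irrelevant.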
Go ahead with the GMER log.

If this is indeed cleaned, I can't thank you enough.  So far so good, my hibernate function is working again too (it stopped working when I picked up the rootkit virus).  NAV scan - clean, MS Onecare online - clean, MBAM, SAS and ESET scans next.  Should I also run DDS again?

Here's the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-02 11:31:35
Windows 5.1.2600 Service Pack 2
Running: 1z0hdkjw(gmer).exe; Driver: C:\DOCUME~1\~\LOCALS~1\Temp\pwdoikob.sys


---- Kernel code sections - GMER 1.0.15 ----

?               Combo-Fix.sys                               The system cannot find the file specified. !
?               C:\DOCUME~1\~\LOCALS~1\Temp\mbr.sys  The system cannot find the file specified. !
?               C:\ComboFix\catchme.sys                     The system cannot find the path specified. !
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS  The system cannot find the file specified. !
?               System32\Drivers\hiber_WMILIB.SYS           The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                      SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                    SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                   SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                   SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                 SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Thank you!

Log looks fine.

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Hi,

Here's the ESET log.  I don't think that one file it found was actually bad, but I let it delete it anyway just in case.  BTW, do you know if there are any updates or anything out there that will prevent future TDSS rootkit infections?  I will obviously not make the same mistake again and pay full attention next time I delete bad emails (so that I click Delete instead of the link).

************************************************************************************

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=53084455feb56a4bbcbf6ea0ddeb8a5e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-03 12:04:28
# local_time=2010-05-02 08:04:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 109470394 109470394 0 0
# compatibility_mode=3586 16764925 100 81 0 697131779 0 0
# compatibility_mode=5889 16768381 100 100 59385052 112653725 0 59456579
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=129823
# found=1
# cleaned=1
# scan_time=15689
C:\Downloads\Utilities\framework-3.0.exe   JS/TrojanDownloader.Psyme.NCX trojan (deleted - quarantined)   00000000000000000000000000000000   C

*******************************************************************************

Thanks!
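The ESET Online Scanner log above has a simple shape: `# key=value` header lines (some keys repeat), then one line per detection with the path, the threat name and action, a third column and a flag. As an added example, not ESET's format specification and not code from anyone in this thread, here is a parser for that shape that also checks the header's `found`/`cleaned` counts against the detection lines actually present. The sample input is an excerpt copied from the log above; splitting the detection line into four fields on runs of two or more spaces is an assumption drawn from that single line.

```python
"""Parse an ESET Online Scanner log and summarise its outcome.
Added example; the field layout is inferred from the one log in this thread."""
import re
from typing import Any, Dict, List, NamedTuple, Optional, Tuple

# Constructed sample: an excerpt of the ESET log posted above (raw string so
# the Windows path keeps its backslashes).
SAMPLE_ESET_LOG = r"""
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# utc_time=2010-05-03 12:04:28
# compatibility_mode=512 16777215 100 0 109470394 109470394 0 0
# compatibility_mode=3586 16764925 100 81 0 697131779 0 0
# scanned=129823
# found=1
# cleaned=1
# scan_time=15689
C:\Downloads\Utilities\framework-3.0.exe   JS/TrojanDownloader.Psyme.NCX trojan (deleted - quarantined)   00000000000000000000000000000000   C
"""


class Detection(NamedTuple):
    path: str
    threat: str             # e.g. JS/TrojanDownloader.Psyme.NCX
    kind: str               # e.g. trojan
    action: Optional[str]   # text inside the parentheses, if any
    column3: str            # third column as written (its meaning is not stated in the log)
    flags: str


HEADER_RE = re.compile(r"^#\s*(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")
# "<threat> <kind> (<action>)"; the parenthesised action is optional.
THREAT_RE = re.compile(r"^(?P<threat>\S+)\s+(?P<kind>[^(]+?)(?:\s*\((?P<action>[^)]*)\))?$")


def parse_eset_log(text: str) -> Tuple[Dict[str, Any], List[Detection]]:
    """Return (header, detections).

    Header keys that repeat (compatibility_mode) are collected into a list;
    every other key maps to a single string."""
    header: Dict[str, Any] = {}
    detections: List[Detection] = []
    for line in text.splitlines():
        hm = HEADER_RE.match(line)
        if hm:
            key, value = hm.group("key"), hm.group("value").strip()
            if key in header:
                existing = header[key]
                header[key] = (existing if isinstance(existing, list) else [existing]) + [value]
            else:
                header[key] = value
            continue
        fields = re.split(r"\s{2,}", line.strip())
        if len(fields) != 4:
            continue  # banner or blank lines such as 'OnlineScanner.ocx - ...'
        tm = THREAT_RE.match(fields[1])
        if not tm:
            continue
        detections.append(Detection(fields[0], tm.group("threat"), tm.group("kind").strip(),
                                    tm.group("action"), fields[2], fields[3]))
    return header, detections


def summarize(text: str) -> Dict[str, Any]:
    """Counts from the header plus a consistency check against the body."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    return {
        "finished": header.get("end") == "finished",
        "scanned": int(header.get("scanned", 0)),
        "found": found,
        "cleaned": cleaned,
        # True only when every reported detection was cleaned and the body agrees.
        "all_cleaned": found == cleaned and len(detections) == found,
        "detections": detections,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_ESET_LOG)
    print({k: v for k, v in result.items() if k != "detections"})
    for d in result["detections"]:
        print(f"{d.path}: {d.threat} ({d.kind}) -> {d.action}")
```

The `all_cleaned` flag is the check worth keeping: a log whose `found` exceeds `cleaned`, or whose body lists more detections than the header counts, deserves a closer look rather than a "clean" verdict.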

Safe surfing. I recommend staying away from downloading anything, including from P2P programs/sites and torrents. Rootkits are distributed heavily via P2P downloads.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP BUTTON click this
  • Accept the Warning and select OK again, the program will close and you are done
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have SAVED all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

