Jump to content

sunshineboy00

Honorary Members
 View Profile  See their activity

  • Posts

    22

  • Joined

  • Last visited

Reputation

0 Neutral
  1. sunshineboy00

    Thank you very much for your generous help.

  2. sunshineboy00
    Thanks. this is the log from security check: Results of screen317's Security Check version 0.99.74 Windows 7 x64 (UAC is enabled) Out of date service pack!! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 6 Java version out of Date! Adobe Flash Player 11.5.502.135 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (23.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Malwarebytes SecurityCheck.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  3. sunshineboy00
    I search on the internet about the 'Ads not by this site' and i found the below website http://malwaretips.com/blogs/remove-ads-not-by-this-site/ I followed their steps and it did resolve the issue. It is caused by some of the software mistakenly installed by me. I confirmed those ads do not appear again on the browser. I am running full scan with malwarebytes anti-malware to see if the computer is totally clean. Is there anything you would like me to check too? I really appreciated for your time and effort in helping me and apologize it was my mis-use of installing program causing this.
  4. sunshineboy00
    My PC has been infected by some kind of trojan but I cannot remember the name of it. I have finished scanning with roguekiller and Malware anti root kit and scan again after restart. It says the PC has no malware but the 'Ads' problem still persists. system-log.txt mbar-log-2013-10-27 (19-05-17).txt
  5. sunshineboy00
    Here it is: RogueKiller V8.7.5 _x64_ [Oct 22 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Cliff Chau [Admin rights] Mode : Scan -- Date : 10/27/2013 00:20:22 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND [ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1001FAES-55W7A0 +++++ --- User --- [MBR] 1cdee4da1064f63d6f9bf9ee430ca79e [bSP] 766b4481810d0ee2fdc4dfb6f9892335 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16464 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33720320 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33925120 | Size: 156701 Mo 3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 354850816 | Size: 780601 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_10272013_002022.txt >>
  6. sunshineboy00
    DDS. text DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.16839 BrowserJavaVersion: 10.6.2 Run by Cliff Chau at 23:03:06 on 2013-10-26 Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.8173.5394 [GMT 8:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\PDF Architect\HelperService.exe C:\Program Files (x86)\PDF Architect\ConversionService.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\SysWOW64\DllHost.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files\Sony\VAIO Smart Network\VSNService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe C:\Users\Cliff Chau\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe D:\99 Software Download\PPS\PPStream\PPSAP.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files (x86)\AliWangWang\AliIM.exe C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\AliWangWang\7.21.18C\miser\AliimSafe.exe C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe C:\Program Files\Sony\VAIO Update\VUAgent.exe C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files\Sony\VAIO Care\VCsystray.exe C:\Program Files\Sony\VAIO Care\VCService.exe C:\Program Files\Sony\VAIO Care\VCAgent.exe C:\Windows\System32\vds.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Program Files\Sony\VAIO Care\Admload.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Sony\VAIO Care\VCPerfService.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned> BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: SaveByclick Class: {A6767D04-26FA-9324-202F-70457FC7B295} - C:\ProgramData\SaveByclick\50c9f7bc6056d.ocx BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay uRun: [Octoshape Streaming Services] "C:\Users\Cliff Chau\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun uRun: [HKToolbarManager] "C:\Program Files (x86)\881903\IETOOLBAR\hkmgr.exe" uRun: [PPS Accelerator] D:\99 Software Download\PPS\PPStream\ppsap.exe uRun: [Facebook Update] "C:\Users\Cliff Chau\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe uRun: [aliim] C:\Program Files (x86)\AliWangWang\aliim.exe /run:auto uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -update plugin mRun: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe" mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\CLIFFC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: 添加为阿里旺旺表情 - C:\Program Files (x86)\AliWangWang\7.00.20C\AddNewEmotion.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{A4FF235E-2A62-466E-A49A-5A6B7BFA0FEC} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{A4FF235E-2A62-466E-A49A-5A6B7BFA0FEC}\14E64627F6964684F6473707F64743636313 : DHCPNameServer = 192.168.43.1 TCP: Interfaces\{C82DE9C4-4BFB-4C92-93D3-D2E746F7F939} : DHCPNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Cliff Chau\AppData\Roaming\Mozilla\Firefox\Profiles\s6egiukh.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\AliWangWang\7.21.18C\npAliSSOLogin.dll FF - plugin: C:\Program Files (x86)\AliWangWang\7.21.18C\npwangwang.dll FF - plugin: C:\Program Files (x86)\Baidu\BaiduPlayer\1.19.0.68\npxbdyy.dll FF - plugin: C:\Program Files (x86)\Baidu\BaiduPlayer\1.19.0.68\npxbdyyreg.dll FF - plugin: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.36\Bin\npSSOAxCtrlForPTLogin.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Cliff Chau\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Users\Cliff Chau\AppData\Roaming\alipay\cf\npalicdo.dll FF - plugin: C:\Users\Cliff Chau\AppData\Roaming\Mozilla\plugins\npoctoshape.dll FF - plugin: C:\Windows\System32\aliedit\3.6.0.0\npalidcp.dll FF - plugin: C:\Windows\System32\aliedit\3.6.0.0\npaliedit.dll FF - plugin: C:\Windows\System32\aliedit\3.6.0.0\npAliSecCtrl.dll FF - plugin: C:\Windows\System32\aliedit\3.6.0.0\npAliSecCtrl64.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-15 55856] R2 AlipaySecSvc;Alipay security service;C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [2013-8-26 505728] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-15 13336] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 701512] R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312] R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176] R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-2-15 14112] R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-12-14 102400] R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsnxc64.sys [2010-12-30 98816] R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-5-12 259192] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688] R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-11 108400] R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-13 423280] R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-11 67952] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-3 2916736] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-15 2656280] R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-2-15 584080] R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-28 864000] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 549168] R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-2-15 923024] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-2-15 19968] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-28 25928] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-10-1 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-10-1 180736] R3 NWLowRider;NextWindow LowRider Touch Screen;C:\Windows\System32\drivers\NWLowRider.sys [2010-12-24 26176] R3 NWWakeFilterLR;NextWindow Remote Wake Blocker;C:\Windows\System32\drivers\NWWakeFilterLR.sys [2010-12-24 14400] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-4 349800] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768] R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-28 303872] R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2013-5-12 44736] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-4-27 1368624] S2 McMPFSvc;McAfee Personal Firewall Service; [x] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-2-24 362992] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680] S3 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408] S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-2-15 344616] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-15 39464] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-5-26 99384] S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-11 281088] S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\System32\drivers\hidkmdf.sys [2010-12-24 14400] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-7 288776] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-2-24 313840] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-5-26 203320] S3 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-15 104960] S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152] S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2013-10-23 14:27:37 -------- d-----r- C:\Program Files (x86)\Skype 2013-10-23 12:21:32 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{D559C62A-6DEA-43AA-B1CD-36A18FB8F645} 2013-10-23 12:21:26 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{99EB14D2-FC5E-4F17-A0C6-62394FFAF24A} 2013-10-19 07:39:26 -------- d-----w- C:\Program Files\McAfee Security Scan . ==================== Find3M ==================== . . ============= FINISH: 23:03:24.68 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 27/08/2011 19:35:41 System Uptime: 26/10/2013 20:42:17 (3 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core i7-2720QM CPU @ 2.20GHz | N/A | 2201/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 153 GiB total, 91.58 GiB free. D: is FIXED (NTFS) - 762 GiB total, 380.155 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP117: 04/09/2013 22:34:40 - Scheduled Checkpoint RP118: 07/09/2013 01:46:11 - VAIO Care Automatic Restore Point RP119: 14/09/2013 11:17:49 - Scheduled Checkpoint RP120: 21/09/2013 13:16:11 - Scheduled Checkpoint RP121: 03/10/2013 20:09:18 - Scheduled Checkpoint RP122: 05/10/2013 16:00:43 - Installed VAIO Update RP123: 12/10/2013 16:29:43 - Scheduled Checkpoint RP124: 20/10/2013 10:37:43 - Scheduled Checkpoint . ==== Installed Programs ====================== . ???? ??? Windows Live ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? ???? Windows Live ????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) ?iê?u khiê?n ActiveX Windows Live Mesh da?nh cho kê?t n??i t?? xa 7-Zip 9.13 beta Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 ActiveX 64-bit Adobe Flash Player 11 Plugin Adobe Photoshop Elements 9 Adobe Premiere Elements 9 Adobe Reader XI Alipay Cert Component 2.0.0.1 Alipay security control 3.6.0.0 AlipayDHC 1.1.0.0 ArcSoft Magic-i Visual Effects 2 ArcSoft WebCam Companion 4 ArcSoft WebCam Message Board BaiduPlayer1.19.0.68 Bing Bar Bing Bar Platform Bing Maps 3D Bing Rewards Client Installer Corel WinDVD CyberLink YouPaint D3DX10 DivX Setup Elements 9 Organizer Elements STI Installer eMule ERUNT 1.1j Evernote Extended Asian Language font pack for Adobe Reader XI Facebook Video Calling 1.2.0.287 FastStone Photo Resizer 3.1 Intel® Management Engine Components Intel® Rapid Storage Technology Java 7 Update 6 Java Auto Updater Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 McAfee Security Scan Plus Media Gallery Mesh Runtime Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft PowerPoint Viewer Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Touch Pack for Windows 7 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft XNA Framework Redistributable 3.0 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 23.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser Norton Online Backup NVIDIA Display Control Panel NVIDIA Graphics Driver 266.18 NVIDIA HD Audio Driver 1.1.13.1 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.10.0514 Octoshape Streaming Services OpenOffice.org 3.4.1 PDF Architect PDFCreator Picasa 3 PMB PMB VAIO Edition Guide PMB VAIO Edition Plug-in PPS影音 V2.7.0.1450 正式版 RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Remote Keyboard Renesas Electronics USB 3.0 Host Controller Driver Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy Media Creator 10 LJ Roxio Easy Media Creator Home SafeTransaction 5.7.0.0 Samsung Kies SAMSUNG USB Driver for Mobile Phones SaveByclick Skype? 6.9 SmartSound Quicktracks for Premiere Elements 9.0 TeamViewer 7 VAIO - Media Gallery VAIO - PMB VAIO Edition Guide VAIO - PMB VAIO Edition Plug-in VAIO - Remote Keyboard VAIO Care VAIO Control Center VAIO Data Restore Tool VAIO Gate VAIO Gate Default VAIO Hardware Diagnostics VAIO Manual VAIO Media plus VAIO Media plus Opening Movie VAIO Quick Web Access VAIO Sample Contents VAIO Smart Network VAIO Transfer Support VAIO Update VC80CRTRedist - 8.0.50727.6195 VESx86 VU5x64 VU5x86 WIDCOMM Bluetooth Software Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Live 影像中心 Windows Live 照片库 Windows Live 程式集 Windows Live 软件包 WinRAR 4.00 (64-bit) 支付宝安全控件 3.15.0.0 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) 適用遠端連線的 Windows Live Mesh ActiveX 控制項 阿里旺旺2011正式版SP2 騰訊QQ2012 . ==== Event Viewer Messages From Past Week ======== . 26/10/2013 22:50:53, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 10-78-D2-F4-C6-0B. Network operations on this system may be disrupted as a result. 26/10/2013 22:26:01, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. 26/10/2013 20:44:38, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect. 26/10/2013 20:42:30, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed. . ==== End Of File ===========================
  7. sunshineboy00
    Also, the firewall settings is back to normal now. seems everything is ok?
  8. sunshineboy00
    Yes i found it and delete it and error messages not pops up again. below is the log from Combofix ComboFix 12-02-22.01 - Cliff Chau 23/02/2012 22:26:13.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.8173.6287 [GMT 8:00] 执行位置: c:\users\Cliff Chau\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Webroot Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * 成功创造新还原点 . Error: Cfiles.dat . ((((((((((((((((((((((((((((((((((((((( 被删除的档案 ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\tmp\U . . ((((((((((((((((((((((((( 2012-01-23 至 2012-02-23 的新的档案 ))))))))))))))))))))))))))))))) . . 2012-02-23 14:30 . 2012-02-23 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{59A5FE0B-022B-4EA7-BD79-2600E7D79F0E} 2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{426F643B-7499-4EA4-8172-2580AFDBB923} 2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{879B3FE3-0636-4D11-BCE2-07A71E24398C} 2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C6E87831-75D9-4937-9917-92E588921C42} 2012-02-04 12:59 . 2012-02-04 12:59 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{1FE61014-FE40-4D1F-A627-B74AE098B355} 2012-02-04 12:49 . 2012-02-04 12:49 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{64591CBE-35E5-46C0-9E81-FEA1F7DEBA98} 2012-02-04 12:49 . 2012-02-04 12:49 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{AB9A61BC-22B1-42B6-BB8C-E4A5E9B4281D} 2012-02-04 12:46 . 2012-02-04 12:46 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{A2A52D86-E900-4BE8-AEE6-27EE84FBA178} 2012-02-04 12:46 . 2012-02-04 12:46 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B5665500-8D21-4931-A812-C786F569C867} . . . (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-07 11:37 . 2011-02-15 08:39 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-12-27 16:30 . 2011-10-23 06:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-10 07:24 . 2011-12-27 17:57 23152 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白与合法缺省登录将不会被显示 REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-11-30 83344] "PPS Accelerator"="d:\99soft~1\PPS\PPStream\ppsap.exe" [2010-02-24 214408] "Octoshape Streaming Services"="c:\users\Cliff Chau\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936] "HKToolbarManager"="c:\program files (x86)\881903\IETOOLBAR\hkmgr.exe" [2011-10-18 652288] "aliim"="c:\program files (x86)\AliWangWang\aliim.exe" [2011-12-20 222624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 McMPFSvc;McAfee Personal Firewall Service; [x] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-02-24 362992] R3 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x] R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-02-24 313840] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152] R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176] S2 regi;regi;c:\windows\system32\drivers\regi.sys [x] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [x] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 257936] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688] S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400] S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280] S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-27 2656280] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000] S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 549168] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-10 923024] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 NWLowRider;NextWindow LowRider Touch Screen;c:\windows\system32\drivers\NWLowRider.sys [x] S3 NWWakeFilterLR;NextWindow Remote Wake Blocker;c:\windows\system32\drivers\NWWakeFilterLR.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768] S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608] . . ‘计划任务’ 文件夹 里的内容 . 2012-02-23 c:\windows\Tasks\AliUpdater{DB3DD48A-AE7A-4A19-AC73-2C30AA4EE87D}.job - c:\program files (x86)\AliWangWang\AliTask.exe [2011-11-22 01:58] . . --------- x86-64 ----------- . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs spsslm . ------- 而外的扫描 ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.appledaily.com.hk/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: 添加为阿里旺旺表情 - c:\program files (x86)\AliWangWang\7.00.20C\AddNewEmotion.htm Trusted Zone: alipay.com Trusted Zone: alisoft.com Trusted Zone: pps.tv Trusted Zone: ppstream.com Trusted Zone: taobao.com Trusted Zone: webscache.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Cliff Chau\AppData\Roaming\Mozilla\Firefox\Profiles\s6egiukh.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2188594118-1625532197-1227473150-1000_Classes\.*?柼扂e鷈6e剉颯憉噀鯪] @Allowed: (Read) (RestrictedCode) @="AliFileCheck.File" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.*?柼扂e鷈6e剉颯憉噀鯪] @="AliFileCheck.File" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 完成时间: 2012-02-23 22:31:30 ComboFix-quarantined-files.txt 2012-02-23 14:31 ComboFix2.txt 2012-02-06 11:29 . Pre-Run: 110,086,651,904 bytes free Post-Run: 109,907,726,336 bytes free . - - End Of File - - F7E87F55BAD7041584CB1E806755E7EE
  9. sunshineboy00
    Hi, I attached the sceen shots of the messages prompted when I turn on the PC. Thanks.
  10. sunshineboy00
    by the way, I am out of town from tomorrow may I know if I can continue after I come back on 21st Feb? Thanks for your support so far!! really appreciate that ;)
  11. sunshineboy00
    Now everytime I turn on PC it saids ERUNT could not be used or something and there is a save error asking me if I want to use the next registry, I pressed 'No'
  12. sunshineboy00
    Hi, here it is, Farbar Service Scanner Version: 05-02-2012 Ran by Cliff Chau (administrator) on 10-02-2012 at 19:16:20 Running from "D:\99 Software Download\Malwarebytes" Microsoft Windows 7 Home Premium (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Yahoo IP is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: =========== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll [2009-07-14 07:21] - [2009-07-14 09:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9 C:\Windows\System32\mpssvc.dll [2009-07-14 08:09] - [2009-07-14 09:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-07-14 07:36] - [2009-07-14 09:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll [2009-07-14 08:36] - [2009-07-14 09:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  13. sunshineboy00
    Hi, I already followed your instruction, but window firewall setting still prompt that error message. :(
  14. sunshineboy00
    Hi Elise, here is the FSS log. Thanks alot ! Farbar Service Scanner Version: 05-02-2012 Ran by Cliff Chau (administrator) on 07-02-2012 at 23:47:03 Running from "D:\99 Software Download\Malwarebytes" Microsoft Windows 7 Home Premium (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Yahoo IP is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: =========== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll [2009-07-14 07:21] - [2009-07-14 09:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9 C:\Windows\System32\mpssvc.dll [2009-07-14 08:09] - [2009-07-14 09:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-07-14 07:36] - [2009-07-14 09:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll [2009-07-14 08:36] - [2009-07-14 09:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  15. sunshineboy00
    There is one thing in my PC is that my firewall seems could not be function properly, when I try to configure the firewall (control panel > system and security > Windows Firewall > Turn Window firewall On and Off), I press the 'use recommended settings' and it prompts 'Windows Firewall can't chane some of your settings. Error code 0x80070424' I heard this also relate to the malwarebytes. is that true? Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.