Jump to content

svchost.exe


Recommended Posts

Merged post

Hi, I have run malwarebytes today and its picking up I have svchost.ex trojan but isn't removing it from my system.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Ally at 21:08:47 on 2012-03-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4044.2350 [GMT 0:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\vds.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\ComboFix\CF9152.3XE

C:\Windows\system32\conhost.exe

C:\Windows\system32\vssadmin.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = astroburn-search.com

uInternet Settings,ProxyOverride = <local>;*.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Ally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - C:\Users\Ally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A2798423-5832-425E-B4B4-40F2EFFAB82D} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{E3BCE5D2-256F-451F-BFD2-94E7142D7A46} : DhcpNameServer = 62.26.0.10 62.26.0.66

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Astroburn Toolbar: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\zfhpbylu.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Ally\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-4-29 146592]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-4-29 91296]

R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-15 13336]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-15 2361344]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-1-29 259192]

R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe [2010-8-2 199600]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-11-15 105024]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-15 2656280]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-11-15 852160]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-29 44736]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1429608]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-30 1038088]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]

S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-03-13 21:08:27 -------- d-s---w- C:\ComboFix

2012-03-13 20:59:02 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B99D28CD-7CF3-410A-9355-B8E4D91FC1DF}\mpengine.dll

2012-03-13 20:53:29 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-13 20:23:54 98816 ----a-w- C:\Windows\sed.exe

2012-03-13 20:23:54 518144 ----a-w- C:\Windows\SWREG.exe

2012-03-13 20:23:54 256000 ----a-w- C:\Windows\PEV.exe

2012-03-13 20:23:54 208896 ----a-w- C:\Windows\MBR.exe

2012-03-13 19:39:35 20480 ----a-w- C:\Windows\svchost.exe

2012-03-13 19:17:18 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9424.tmp

2012-03-13 19:17:18 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9423.tmp

2012-03-13 19:13:48 -------- d-----w- C:\Users\Ally\AppData\Local\{AC052BA6-AC34-44CE-BE57-F24021852980}

2012-03-13 19:13:36 -------- d-----w- C:\Users\Ally\AppData\Local\{A45FF23F-703E-435A-A9EA-5BD4C8CC7CC2}

2012-03-12 19:02:31 -------- d-----w- C:\Users\Ally\AppData\Local\{0F3734C0-59F6-4E35-830D-458D43CB1ECB}

2012-03-12 19:00:53 -------- d-----w- C:\Users\Ally\AppData\Local\{BA4F8FA4-A956-4B25-816C-4E68739F0410}

2012-03-11 18:25:06 -------- d-----w- C:\Program Files\iPod

2012-03-11 18:25:04 -------- d-----w- C:\Program Files\iTunes

2012-03-11 13:38:59 -------- d-----w- C:\Users\Ally\AppData\Local\{E9AD194F-FE2C-4FE3-AB60-EACCA3AB1E0F}

2012-03-11 13:38:45 -------- d-----w- C:\Users\Ally\AppData\Local\{24213AE6-B940-405E-A32B-EC1C9DB30D8C}

2012-03-10 20:43:20 -------- d-----w- C:\Users\Ally\AppData\Local\{9C617CEC-D2C5-45C9-BC4A-F7CEEF561CE3}

2012-03-10 20:43:09 -------- d-----w- C:\Users\Ally\AppData\Local\{C839E3A8-2DE6-41E5-AF3C-AF6985F4E412}

2012-03-10 08:41:29 -------- d-----w- C:\Users\Ally\AppData\Local\{3E22CA4B-0225-4565-90A6-71A06086DDF2}

2012-03-10 08:41:14 -------- d-----w- C:\Users\Ally\AppData\Local\{AD482E66-6A2D-4E21-ADBA-E136E7DDE79D}

2012-03-09 18:44:19 -------- d-----w- C:\Users\Ally\AppData\Local\{8B428CEB-F9EA-42B1-89C9-928350D2DD34}

2012-03-09 18:44:06 -------- d-----w- C:\Users\Ally\AppData\Local\{FE16158D-296E-407D-82ED-41195A516089}

2012-03-07 19:53:20 -------- d-----w- C:\Users\Ally\AppData\Local\{8195E3FE-1A59-46FF-9483-F99F797B64DD}

2012-03-07 19:53:08 -------- d-----w- C:\Users\Ally\AppData\Local\{6BC75626-0973-40B3-93AE-64BD4FF4C6A9}

2012-03-06 18:28:57 -------- d-----w- C:\Users\Ally\AppData\Local\{F8B00BCF-ADC0-438E-A9CF-AA701E879283}

2012-03-06 18:28:43 -------- d-----w- C:\Users\Ally\AppData\Local\{297A2A49-0A96-4974-86DC-5BD298FEB8E5}

2012-03-05 19:04:02 -------- d-----w- C:\Users\Ally\AppData\Local\{260C13B0-AA4F-49D2-A7FF-85279FE31F62}

2012-03-05 19:03:49 -------- d-----w- C:\Users\Ally\AppData\Local\{F51310A7-B963-4370-859E-93AA82373985}

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-03-04 10:21:22 -------- d-----w- C:\Users\Ally\AppData\Local\{73B33CC2-E82E-47EC-90B0-A599004A1AF8}

2012-03-04 10:21:11 -------- d-----w- C:\Users\Ally\AppData\Local\{006CDBC9-E337-4DB8-BFC2-F8C7555D01D6}

2012-03-03 14:28:48 -------- d-----w- C:\ProgramData\Telefónica

2012-03-03 14:28:37 -------- d-----w- C:\Users\Ally\AppData\Roaming\Telefónica

2012-03-03 14:27:51 79360 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys

2012-03-03 14:27:51 76288 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys

2012-03-03 14:27:51 49664 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys

2012-03-03 14:27:51 27136 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys

2012-03-03 14:27:51 1721576 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01009.dll

2012-03-03 14:27:41 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys

2012-03-03 14:27:41 250368 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys

2012-03-03 14:27:41 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys

2012-03-03 14:27:41 120704 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys

2012-03-03 14:27:41 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys

2012-03-03 14:27:28 114560 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys

2012-03-03 14:27:16 -------- d-----w- C:\Program Files (x86)\HUAWEI Modem Driver

2012-03-03 14:26:53 -------- d-----w- C:\Program Files (x86)\O2

2012-03-03 13:25:40 -------- d-----w- C:\Users\Ally\AppData\Local\{2B0CB3A5-0BD1-4699-8DDD-0DB64B3A6D67}

2012-03-03 13:25:21 -------- d-----w- C:\Users\Ally\AppData\Local\{D71C4423-4C91-4A95-8451-FCB5AE49E682}

2012-03-02 18:39:01 -------- d-----w- C:\Users\Ally\AppData\Local\{0B3CF4C3-CCEB-4CD7-ACFB-AB9A7EEEC975}

2012-03-02 18:38:50 -------- d-----w- C:\Users\Ally\AppData\Local\{8345555C-4C20-4B53-A2FE-30CF851656CF}

2012-03-01 19:46:04 -------- d-----w- C:\Users\Ally\AppData\Local\{C08CB2D5-0509-46DB-A0DA-8E88A4C8F0D9}

2012-03-01 19:45:53 -------- d-----w- C:\Users\Ally\AppData\Local\{4B66F37B-24F9-4028-B198-B64B38E78E0E}

2012-02-29 18:33:55 -------- d-----w- C:\Users\Ally\AppData\Local\{4F7A9376-00A8-4E56-AA07-E7C46A51C925}

2012-02-29 18:33:43 -------- d-----w- C:\Users\Ally\AppData\Local\{B15766F7-7782-42E3-84E4-C41628F26C54}

2012-02-28 18:04:23 -------- d-----w- C:\Users\Ally\AppData\Local\{62527A0B-4E29-41CC-A8B3-83BED8950FFB}

2012-02-28 18:04:12 -------- d-----w- C:\Users\Ally\AppData\Local\{79135D07-CB98-4697-8FC5-DFCC3D03F73D}

2012-02-27 17:58:35 -------- d-----w- C:\Users\Ally\AppData\Local\{2F4106B6-4B95-40CD-92BA-FBD0D60B2E94}

2012-02-27 17:58:23 -------- d-----w- C:\Users\Ally\AppData\Local\{CC997018-495C-4962-BCE8-F114892B5EAF}

2012-02-26 18:17:22 -------- d-----w- C:\Users\Ally\AppData\Local\{F13F3B4F-7FC8-4D25-AFF8-FBEDC39D6F0F}

2012-02-26 18:17:06 -------- d-----w- C:\Users\Ally\AppData\Local\{C6FC08A4-467D-49C2-9239-E5F3A4FC5AC9}

2012-02-25 17:50:17 -------- d-----w- C:\Users\Ally\AppData\Local\HP

2012-02-25 09:51:45 -------- d-----w- C:\Users\Ally\AppData\Local\{7CC1203C-99BA-499F-9D2A-2D18E4E63913}

2012-02-25 09:51:33 -------- d-----w- C:\Users\Ally\AppData\Local\{72BA1CB9-B3B9-49B6-831D-7A1FBE0EDFC2}

2012-02-23 19:53:22 -------- d-----w- C:\Users\Ally\AppData\Local\{357697DB-8371-4D32-99AA-B40C776D83D5}

2012-02-23 19:53:09 -------- d-----w- C:\Users\Ally\AppData\Local\{6A7DD6BF-90E8-41F7-8D7A-028386DE3738}

2012-02-22 19:10:36 -------- d-----w- C:\Users\Ally\AppData\Local\{3264BB89-8093-4EFF-82FC-45981726CFDE}

2012-02-22 19:10:21 -------- d-----w- C:\Users\Ally\AppData\Local\{796DE760-819D-4BEB-9CDC-CC0BAFCEBD09}

2012-02-21 18:56:02 -------- d-----w- C:\Users\Ally\AppData\Local\{4702A8F2-3A3B-4D69-8E31-A1BE8369A5CD}

2012-02-21 18:55:47 -------- d-----w- C:\Users\Ally\AppData\Local\{DB9AC29F-CE5C-4458-98DA-C91A53620B86}

2012-02-20 18:48:34 -------- d-----w- C:\Users\Ally\AppData\Local\{BCF68ADB-E403-422A-8713-325B030CE537}

2012-02-20 18:48:23 -------- d-----w- C:\Users\Ally\AppData\Local\{1AF83BC0-5D62-4BAE-8971-0B921862E2FB}

2012-02-19 13:08:33 -------- d-----w- C:\Users\Ally\AppData\Roaming\Wodaxeo

2012-02-19 13:08:33 -------- d-----w- C:\Users\Ally\AppData\Roaming\Ibz

2012-02-19 11:39:51 -------- d-----w- C:\Users\Ally\AppData\Local\{2940474A-4AD6-43BF-94D9-AE9E70995D25}

2012-02-19 11:39:38 -------- d-----w- C:\Users\Ally\AppData\Local\{B120410C-AFA4-4813-BFED-B7611DAF4F4D}

2012-02-18 20:49:15 -------- d-----w- C:\Users\Ally\AppData\Local\{B30651F8-3452-43FF-B575-9F87F2D5C898}

2012-02-18 20:49:04 -------- d-----w- C:\Users\Ally\AppData\Local\{4A0E57A7-A4A1-483D-9694-525AF4378675}

2012-02-18 08:47:34 -------- d-----w- C:\Users\Ally\AppData\Local\{1FFA0E00-0A94-4336-BD4D-93FA8373E0EC}

2012-02-18 08:47:22 -------- d-----w- C:\Users\Ally\AppData\Local\{1B656D4E-580B-477B-8FF5-CD96EBB523CC}

2012-02-17 18:12:44 -------- d-----w- C:\Users\Ally\AppData\Local\{98F04E86-CDED-417E-86DE-671510EE9CD2}

2012-02-17 18:12:33 -------- d-----w- C:\Users\Ally\AppData\Local\{FB1C0CC5-E76C-4605-AC7E-4B84D04C5E95}

2012-02-16 19:59:38 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-16 19:59:38 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-16 19:59:34 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-16 19:59:34 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-16 19:59:33 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-16 19:59:25 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-16 19:58:54 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-16 19:58:54 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-16 19:49:34 -------- d-----w- C:\Users\Ally\AppData\Local\{B985227F-8A82-4448-A826-2F5D8814D116}

2012-02-16 19:49:22 -------- d-----w- C:\Users\Ally\AppData\Local\{B45CB6D4-8656-4B11-93CB-A9BB0D5DC6A7}

2012-02-15 18:59:27 -------- d-----w- C:\Users\Ally\AppData\Local\{8ACBDC74-D835-447C-ADB7-6C246F5F08F8}

2012-02-15 18:59:17 -------- d-----w- C:\Users\Ally\AppData\Local\{278B4453-F7D8-497F-9AF3-CF1986819594}

2012-02-15 11:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 11:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-13 18:07:42 -------- d-----w- C:\Users\Ally\AppData\Local\{1155FE22-C7F0-49E2-A373-CD5429D6F2F9}

2012-02-13 18:07:29 -------- d-----w- C:\Users\Ally\AppData\Local\{5D1C4443-3B5B-4CD1-A45E-58C08188CB27}

.

==================== Find3M ====================

.

2012-02-19 11:41:41 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-04 17:37:28 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-30 18:57:36 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

.

============= FINISH: 21:11:41.91 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 28/01/2012 16:08:11

System Uptime: 13/03/2012 20:52:45 (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core i3-2330M CPU @ 2.20GHz | N/A | 990/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 449 GiB total, 308.847 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C4700 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C4700 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsle1e0f04a

Device ID: ROOT\LEGACY_MPKSLE1E0F04A\0000

Manufacturer:

Name: MpKsle1e0f04a

PNP Device ID: ROOT\LEGACY_MPKSLE1E0F04A\0000

Service: MpKsle1e0f04a

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&0002000A_PID&0000\8&36479C76&0&8C6422967F9B_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&0002000A_PID&0000\8&36479C76&0&8C6422967F9B_C00000000

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart C4700 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart C4700 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP63: 13/03/2012 21:09:30 - ComboFix created restore point

.

==== Hosts File Hijack ======================

.

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

Hosts: 108.163.215.51 www.statcounter.com.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

????? Messenger

????? Windows Live

?????? Windows Live

??????? ????????? Windows Live Mesh ActiveX ??? ?????????? ??????????

??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????

???????? ?? Messenger

???????? ?????????? Windows Live

????????? Messenger

?????????? Windows Live

??????????? ?? Windows Live

???????????? Windows Live

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh

ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe Community Help

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Fonts All

Adobe Linguistics CS4

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Reader X MUI

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Amazon MP3 Downloader 1.0.9

Apple Application Support

Apple Software Update

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 4

Astroburn Lite

Astroburn Toolbar

Atheros WiFi Driver Installation

Bing Bar

BitTorrent

BufferChm

C4700

Complemento Messenger

Complément Messenger

Connect

Connection Manager

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX Windows Live Mesh pentru conexiuni la distan?a

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

Coupon Printer for Windows

D3DX10

DAEMON Tools Lite

Destinations

DeviceDiscovery

Doplnok programu Messenger

DVD Shrink 3.2

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych

Free Studio version 5.3.3

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Google Chrome

GPBaseService2

HandBrake 0.9.5

HP Photo Creations

HP Update

HPPhotoGadget

HPProductAssistant

HPSSupply

HUAWEI DataCard Driver 4.05.00.00

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

kuler

Last.fm 1.5.4.27091

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Mesh Runtime

Messenger-kumppani

Messenger Assistent

Messenger Companion

Messenger kíséro

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

Mozilla Firefox 10.0.2 (x86 en-GB)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Nero 7 Premium

neroxml

Opera 11.61

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení

Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia

PDF Settings CS4

Photoshop Camera Raw

PMB

PMB VAIO Edition Guide

PMB VAIO Edition Plug-in

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Pomocnik Messenger

PS_AIO_06_C4700_SW_Min

Quick Web Access

QuickTime

QuickTransfer

Raccolta foto di Windows Live

RCT3 Soaked

Realtek PCIE Card Reader

Remote Keyboard

Remote Play with PlayStation 3

RollerCoaster Tycoon 2

RollerCoaster Tycoon 2: Time Twister

RollerCoaster Tycoon 2: Wacky Worlds

RollerCoaster Tycoon 3

S?????? f?t???af??? t?? Windows Live

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

ShufflePlusVLOI

SmartSound Quicktracks for Premiere Elements 9.0

SmartWebPrinting

SolutionCenter

SSLx86

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??

Status

Suite Shared Configuration CS4

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi

VAIO - Media Gallery

VAIO - PMB VAIO Edition Guide

VAIO - PMB VAIO Edition Plug-in

VAIO - Remote Keyboard

VAIO - Remote Play with PlayStation®3

VAIO Care

VAIO Control Center

VAIO Data Restore Tool

VAIO Easy Connect

VAIO Event Service

VAIO Gate

VAIO Gate Default

VAIO Hardware Diagnostics

VAIO Hero Screensaver - Summer 2011 Screensaver

VAIO Improvement

VAIO Manual

VAIO Sample Contents

VAIO Smart Network

VAIO Transfer Support

VAIO Update

VCCx86

VESx86

VIx86

VWSTx86

WebReg

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger

Windows Live Mesh ActiveX-objekt til fjernforbindelser

Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Meshin etäyhteyksien ActiveX-komponentti

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

.

==== Event Viewer Messages From Past Week ========

.

13/03/2012 21:07:18, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

13/03/2012 21:07:18, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

13/03/2012 20:41:52, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

13/03/2012 19:39:14, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

13/03/2012 19:19:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

13/03/2012 19:13:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/03/2012 19:00:03, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

11/03/2012 18:22:20, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/03/2012 13:37:52, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

10/03/2012 08:40:21, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

09/03/2012 18:42:29, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

07/03/2012 19:52:10, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

06/03/2012 18:27:44, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Malwarebytes log file

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.13.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ally :: ALLY-VAIO [administrator]

14/03/2012 18:53:53

mbam-log-2012-03-14 (19-12-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196354

Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 3188 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

Link to post
Share on other sites

Sorry didn't see the post about p2p, have uninstalled

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Ally at 20:48:41 on 2012-03-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4044.2185 [GMT 0:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files\Sony\VAIO Care\Admload.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\DllHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\NIRCMD.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = astroburn-search.com

uInternet Settings,ProxyOverride = <local>;*.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Ally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - C:\Users\Ally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A2798423-5832-425E-B4B4-40F2EFFAB82D} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{E3BCE5D2-256F-451F-BFD2-94E7142D7A46} : DhcpNameServer = 62.26.0.10 62.26.0.66

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Astroburn Toolbar: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\zfhpbylu.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Ally\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-4-29 146592]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-4-29 91296]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-15 13336]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-15 2361344]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-1-29 259192]

R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe [2010-8-2 199600]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-11-15 105024]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-15 2656280]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-11-15 852160]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-29 44736]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1429608]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-30 1038088]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]

S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-03-14 20:48:20 -------- d-s---w- C:\ComboFix

2012-03-14 20:01:31 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D85F860-5C37-4A30-A025-9C99E89933F3}\mpengine.dll

2012-03-14 19:36:09 -------- d-----w- C:\Users\Ally\AppData\Local\{00EF0604-E48A-4CAA-AB07-F7519C33DB3A}

2012-03-14 19:35:58 -------- d-----w- C:\Users\Ally\AppData\Local\{2BFF0E74-A0BA-49A0-A709-C38C2E9FD5C7}

2012-03-14 19:30:54 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-14 07:33:35 -------- d-----w- C:\Users\Ally\AppData\Local\{7FFC5D4C-19E9-48E5-B380-ECC3DFF42DAC}

2012-03-14 07:33:22 -------- d-----w- C:\Users\Ally\AppData\Local\{F7C5D29D-84D9-4FA6-8786-6E6AEA82676B}

2012-03-13 19:39:35 20480 ----a-w- C:\Windows\svchost.exe

2012-03-13 19:17:18 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9424.tmp

2012-03-13 19:17:18 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9423.tmp

2012-03-13 19:13:48 -------- d-----w- C:\Users\Ally\AppData\Local\{AC052BA6-AC34-44CE-BE57-F24021852980}

2012-03-13 19:13:36 -------- d-----w- C:\Users\Ally\AppData\Local\{A45FF23F-703E-435A-A9EA-5BD4C8CC7CC2}

2012-03-12 19:02:31 -------- d-----w- C:\Users\Ally\AppData\Local\{0F3734C0-59F6-4E35-830D-458D43CB1ECB}

2012-03-12 19:00:53 -------- d-----w- C:\Users\Ally\AppData\Local\{BA4F8FA4-A956-4B25-816C-4E68739F0410}

2012-03-11 18:25:06 -------- d-----w- C:\Program Files\iPod

2012-03-11 18:25:04 -------- d-----w- C:\Program Files\iTunes

2012-03-11 13:38:59 -------- d-----w- C:\Users\Ally\AppData\Local\{E9AD194F-FE2C-4FE3-AB60-EACCA3AB1E0F}

2012-03-11 13:38:45 -------- d-----w- C:\Users\Ally\AppData\Local\{24213AE6-B940-405E-A32B-EC1C9DB30D8C}

2012-03-10 20:43:20 -------- d-----w- C:\Users\Ally\AppData\Local\{9C617CEC-D2C5-45C9-BC4A-F7CEEF561CE3}

2012-03-10 20:43:09 -------- d-----w- C:\Users\Ally\AppData\Local\{C839E3A8-2DE6-41E5-AF3C-AF6985F4E412}

2012-03-10 08:41:29 -------- d-----w- C:\Users\Ally\AppData\Local\{3E22CA4B-0225-4565-90A6-71A06086DDF2}

2012-03-10 08:41:14 -------- d-----w- C:\Users\Ally\AppData\Local\{AD482E66-6A2D-4E21-ADBA-E136E7DDE79D}

2012-03-09 18:44:19 -------- d-----w- C:\Users\Ally\AppData\Local\{8B428CEB-F9EA-42B1-89C9-928350D2DD34}

2012-03-09 18:44:06 -------- d-----w- C:\Users\Ally\AppData\Local\{FE16158D-296E-407D-82ED-41195A516089}

2012-03-07 19:53:20 -------- d-----w- C:\Users\Ally\AppData\Local\{8195E3FE-1A59-46FF-9483-F99F797B64DD}

2012-03-07 19:53:08 -------- d-----w- C:\Users\Ally\AppData\Local\{6BC75626-0973-40B3-93AE-64BD4FF4C6A9}

2012-03-06 18:28:57 -------- d-----w- C:\Users\Ally\AppData\Local\{F8B00BCF-ADC0-438E-A9CF-AA701E879283}

2012-03-06 18:28:43 -------- d-----w- C:\Users\Ally\AppData\Local\{297A2A49-0A96-4974-86DC-5BD298FEB8E5}

2012-03-05 19:04:02 -------- d-----w- C:\Users\Ally\AppData\Local\{260C13B0-AA4F-49D2-A7FF-85279FE31F62}

2012-03-05 19:03:49 -------- d-----w- C:\Users\Ally\AppData\Local\{F51310A7-B963-4370-859E-93AA82373985}

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-03-04 15:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-03-04 10:21:22 -------- d-----w- C:\Users\Ally\AppData\Local\{73B33CC2-E82E-47EC-90B0-A599004A1AF8}

2012-03-04 10:21:11 -------- d-----w- C:\Users\Ally\AppData\Local\{006CDBC9-E337-4DB8-BFC2-F8C7555D01D6}

2012-03-03 14:28:48 -------- d-----w- C:\ProgramData\Telefónica

2012-03-03 14:28:37 -------- d-----w- C:\Users\Ally\AppData\Roaming\Telefónica

2012-03-03 14:27:51 79360 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys

2012-03-03 14:27:51 76288 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys

2012-03-03 14:27:51 49664 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys

2012-03-03 14:27:51 27136 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys

2012-03-03 14:27:51 1721576 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01009.dll

2012-03-03 14:27:41 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys

2012-03-03 14:27:41 250368 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys

2012-03-03 14:27:41 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys

2012-03-03 14:27:41 120704 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys

2012-03-03 14:27:41 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys

2012-03-03 14:27:28 114560 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys

2012-03-03 14:27:16 -------- d-----w- C:\Program Files (x86)\HUAWEI Modem Driver

2012-03-03 14:26:53 -------- d-----w- C:\Program Files (x86)\O2

2012-03-03 13:25:40 -------- d-----w- C:\Users\Ally\AppData\Local\{2B0CB3A5-0BD1-4699-8DDD-0DB64B3A6D67}

2012-03-03 13:25:21 -------- d-----w- C:\Users\Ally\AppData\Local\{D71C4423-4C91-4A95-8451-FCB5AE49E682}

2012-03-02 18:39:01 -------- d-----w- C:\Users\Ally\AppData\Local\{0B3CF4C3-CCEB-4CD7-ACFB-AB9A7EEEC975}

2012-03-02 18:38:50 -------- d-----w- C:\Users\Ally\AppData\Local\{8345555C-4C20-4B53-A2FE-30CF851656CF}

2012-03-01 19:46:04 -------- d-----w- C:\Users\Ally\AppData\Local\{C08CB2D5-0509-46DB-A0DA-8E88A4C8F0D9}

2012-03-01 19:45:53 -------- d-----w- C:\Users\Ally\AppData\Local\{4B66F37B-24F9-4028-B198-B64B38E78E0E}

2012-02-29 18:33:55 -------- d-----w- C:\Users\Ally\AppData\Local\{4F7A9376-00A8-4E56-AA07-E7C46A51C925}

2012-02-29 18:33:43 -------- d-----w- C:\Users\Ally\AppData\Local\{B15766F7-7782-42E3-84E4-C41628F26C54}

2012-02-28 18:04:23 -------- d-----w- C:\Users\Ally\AppData\Local\{62527A0B-4E29-41CC-A8B3-83BED8950FFB}

2012-02-28 18:04:12 -------- d-----w- C:\Users\Ally\AppData\Local\{79135D07-CB98-4697-8FC5-DFCC3D03F73D}

2012-02-27 17:58:35 -------- d-----w- C:\Users\Ally\AppData\Local\{2F4106B6-4B95-40CD-92BA-FBD0D60B2E94}

2012-02-27 17:58:23 -------- d-----w- C:\Users\Ally\AppData\Local\{CC997018-495C-4962-BCE8-F114892B5EAF}

2012-02-26 18:17:22 -------- d-----w- C:\Users\Ally\AppData\Local\{F13F3B4F-7FC8-4D25-AFF8-FBEDC39D6F0F}

2012-02-26 18:17:06 -------- d-----w- C:\Users\Ally\AppData\Local\{C6FC08A4-467D-49C2-9239-E5F3A4FC5AC9}

2012-02-25 17:50:17 -------- d-----w- C:\Users\Ally\AppData\Local\HP

2012-02-25 09:51:45 -------- d-----w- C:\Users\Ally\AppData\Local\{7CC1203C-99BA-499F-9D2A-2D18E4E63913}

2012-02-25 09:51:33 -------- d-----w- C:\Users\Ally\AppData\Local\{72BA1CB9-B3B9-49B6-831D-7A1FBE0EDFC2}

2012-02-23 19:53:22 -------- d-----w- C:\Users\Ally\AppData\Local\{357697DB-8371-4D32-99AA-B40C776D83D5}

2012-02-23 19:53:09 -------- d-----w- C:\Users\Ally\AppData\Local\{6A7DD6BF-90E8-41F7-8D7A-028386DE3738}

2012-02-22 19:10:36 -------- d-----w- C:\Users\Ally\AppData\Local\{3264BB89-8093-4EFF-82FC-45981726CFDE}

2012-02-22 19:10:21 -------- d-----w- C:\Users\Ally\AppData\Local\{796DE760-819D-4BEB-9CDC-CC0BAFCEBD09}

2012-02-21 18:56:02 -------- d-----w- C:\Users\Ally\AppData\Local\{4702A8F2-3A3B-4D69-8E31-A1BE8369A5CD}

2012-02-21 18:55:47 -------- d-----w- C:\Users\Ally\AppData\Local\{DB9AC29F-CE5C-4458-98DA-C91A53620B86}

2012-02-20 18:48:34 -------- d-----w- C:\Users\Ally\AppData\Local\{BCF68ADB-E403-422A-8713-325B030CE537}

2012-02-20 18:48:23 -------- d-----w- C:\Users\Ally\AppData\Local\{1AF83BC0-5D62-4BAE-8971-0B921862E2FB}

2012-02-19 13:08:33 -------- d-----w- C:\Users\Ally\AppData\Roaming\Wodaxeo

2012-02-19 13:08:33 -------- d-----w- C:\Users\Ally\AppData\Roaming\Ibz

2012-02-19 11:39:51 -------- d-----w- C:\Users\Ally\AppData\Local\{2940474A-4AD6-43BF-94D9-AE9E70995D25}

2012-02-19 11:39:38 -------- d-----w- C:\Users\Ally\AppData\Local\{B120410C-AFA4-4813-BFED-B7611DAF4F4D}

2012-02-18 20:49:15 -------- d-----w- C:\Users\Ally\AppData\Local\{B30651F8-3452-43FF-B575-9F87F2D5C898}

2012-02-18 20:49:04 -------- d-----w- C:\Users\Ally\AppData\Local\{4A0E57A7-A4A1-483D-9694-525AF4378675}

2012-02-18 08:47:34 -------- d-----w- C:\Users\Ally\AppData\Local\{1FFA0E00-0A94-4336-BD4D-93FA8373E0EC}

2012-02-18 08:47:22 -------- d-----w- C:\Users\Ally\AppData\Local\{1B656D4E-580B-477B-8FF5-CD96EBB523CC}

2012-02-17 18:12:44 -------- d-----w- C:\Users\Ally\AppData\Local\{98F04E86-CDED-417E-86DE-671510EE9CD2}

2012-02-17 18:12:33 -------- d-----w- C:\Users\Ally\AppData\Local\{FB1C0CC5-E76C-4605-AC7E-4B84D04C5E95}

2012-02-16 19:59:38 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-16 19:59:38 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-16 19:59:34 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-16 19:59:34 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-16 19:59:33 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-16 19:59:25 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-16 19:58:54 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-16 19:58:54 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-16 19:49:34 -------- d-----w- C:\Users\Ally\AppData\Local\{B985227F-8A82-4448-A826-2F5D8814D116}

2012-02-16 19:49:22 -------- d-----w- C:\Users\Ally\AppData\Local\{B45CB6D4-8656-4B11-93CB-A9BB0D5DC6A7}

2012-02-15 18:59:27 -------- d-----w- C:\Users\Ally\AppData\Local\{8ACBDC74-D835-447C-ADB7-6C246F5F08F8}

2012-02-15 18:59:17 -------- d-----w- C:\Users\Ally\AppData\Local\{278B4453-F7D8-497F-9AF3-CF1986819594}

2012-02-15 11:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 11:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

.

==================== Find3M ====================

.

2012-02-19 11:41:41 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-04 17:37:28 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-30 18:57:36 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

.

============= FINISH: 20:49:23.72 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 28/01/2012 16:08:11

System Uptime: 14/03/2012 19:31:31 (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core i3-2330M CPU @ 2.20GHz | N/A | 792/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 449 GiB total, 308.658 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C4700 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C4700 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsle1e0f04a

Device ID: ROOT\LEGACY_MPKSLE1E0F04A\0000

Manufacturer:

Name: MpKsle1e0f04a

PNP Device ID: ROOT\LEGACY_MPKSLE1E0F04A\0000

Service: MpKsle1e0f04a

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&0002000A_PID&0000\8&36479C76&0&8C6422967F9B_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&0002000A_PID&0000\8&36479C76&0&8C6422967F9B_C00000000

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart C4700 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart C4700 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP66: 14/03/2012 20:48:30 - ComboFix created restore point

.

==== Hosts File Hijack ======================

.

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

Hosts: 108.163.215.51 www.statcounter.com.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

????? Messenger

????? Windows Live

?????? Windows Live

??????? ????????? Windows Live Mesh ActiveX ??? ?????????? ??????????

??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????

???????? ?? Messenger

???????? ?????????? Windows Live

????????? Messenger

?????????? Windows Live

??????????? ?? Windows Live

???????????? Windows Live

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh

ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe Community Help

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Fonts All

Adobe Linguistics CS4

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Reader X MUI

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Amazon MP3 Downloader 1.0.9

Apple Application Support

Apple Software Update

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 4

Astroburn Lite

Astroburn Toolbar

Atheros WiFi Driver Installation

Bing Bar

BufferChm

C4700

Complemento Messenger

Complément Messenger

Connect

Connection Manager

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX Windows Live Mesh pentru conexiuni la distan?a

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

Coupon Printer for Windows

D3DX10

DAEMON Tools Lite

Destinations

DeviceDiscovery

Doplnok programu Messenger

DVD Shrink 3.2

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych

Free Studio version 5.3.3

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Google Chrome

GPBaseService2

HandBrake 0.9.5

HP Photo Creations

HP Update

HPPhotoGadget

HPProductAssistant

HPSSupply

HUAWEI DataCard Driver 4.05.00.00

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

kuler

Last.fm 1.5.4.27091

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Mesh Runtime

Messenger-kumppani

Messenger Assistent

Messenger Companion

Messenger kíséro

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

Mozilla Firefox 10.0.2 (x86 en-GB)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Nero 7 Premium

neroxml

Opera 11.61

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení

Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia

PDF Settings CS4

Photoshop Camera Raw

PMB

PMB VAIO Edition Guide

PMB VAIO Edition Plug-in

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Pomocnik Messenger

PS_AIO_06_C4700_SW_Min

Quick Web Access

QuickTime

QuickTransfer

Raccolta foto di Windows Live

RCT3 Soaked

Realtek PCIE Card Reader

Remote Keyboard

Remote Play with PlayStation 3

RollerCoaster Tycoon 2

RollerCoaster Tycoon 2: Time Twister

RollerCoaster Tycoon 2: Wacky Worlds

RollerCoaster Tycoon 3

S?????? f?t???af??? t?? Windows Live

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

ShufflePlusVLOI

SmartSound Quicktracks for Premiere Elements 9.0

SmartWebPrinting

SolutionCenter

SSLx86

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??

Status

Suite Shared Configuration CS4

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi

VAIO - Media Gallery

VAIO - PMB VAIO Edition Guide

VAIO - PMB VAIO Edition Plug-in

VAIO - Remote Keyboard

VAIO - Remote Play with PlayStation®3

VAIO Care

VAIO Control Center

VAIO Data Restore Tool

VAIO Easy Connect

VAIO Event Service

VAIO Gate

VAIO Gate Default

VAIO Hardware Diagnostics

VAIO Hero Screensaver - Summer 2011 Screensaver

VAIO Improvement

VAIO Manual

VAIO Sample Contents

VAIO Smart Network

VAIO Transfer Support

VAIO Update

VCCx86

VESx86

VIx86

VWSTx86

WebReg

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger

Windows Live Mesh ActiveX-objekt til fjernforbindelser

Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz

Windows Live Mesh ActiveX control for remote connections

Windows Live Meshin etäyhteyksien ActiveX-komponentti

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

.

==== Event Viewer Messages From Past Week ========

.

14/03/2012 20:48:12, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 3 time(s).

14/03/2012 20:37:20, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

14/03/2012 20:20:39, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 2 time(s).

14/03/2012 19:43:50, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1437.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

14/03/2012 19:37:40, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

14/03/2012 19:37:40, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

14/03/2012 19:31:58, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

14/03/2012 18:33:18, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

14/03/2012 07:35:06, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.

13/03/2012 19:39:14, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

13/03/2012 19:19:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

13/03/2012 19:13:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

11/03/2012 18:22:20, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/03/2012 13:37:52, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

10/03/2012 08:40:21, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

09/03/2012 18:42:29, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

07/03/2012 19:52:10, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Link to post
Share on other sites

:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Link to post
Share on other sites

Followed all steps above TDSSkiller log below..

20:00:23.0795 5832 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

20:00:23.0920 5832 ============================================================

20:00:23.0920 5832 Current date / time: 2012/03/15 20:00:23.0920

20:00:23.0920 5832 SystemInfo:

20:00:23.0920 5832

20:00:23.0920 5832 OS Version: 6.1.7601 ServicePack: 1.0

20:00:23.0920 5832 Product type: Workstation

20:00:23.0920 5832 ComputerName: ALLY-VAIO

20:00:23.0920 5832 UserName: Ally

20:00:23.0920 5832 Windows directory: C:\Windows

20:00:23.0920 5832 System windows directory: C:\Windows

20:00:23.0920 5832 Running under WOW64

20:00:23.0920 5832 Processor architecture: Intel x64

20:00:23.0920 5832 Number of processors: 4

20:00:23.0920 5832 Page size: 0x1000

20:00:23.0920 5832 Boot type: Normal boot

20:00:23.0920 5832 ============================================================

20:00:24.0949 5832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:00:24.0965 5832 \Device\Harddisk0\DR0:

20:00:24.0965 5832 MBR used

20:00:24.0965 5832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x21FF800, BlocksNum 0x32000

20:00:24.0965 5832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2231800, BlocksNum 0x38154030

20:00:24.0996 5832 Initialize success

20:00:24.0996 5832 ============================================================

20:01:03.0247 4436 ============================================================

20:01:03.0247 4436 Scan started

20:01:03.0247 4436 Mode: Manual; SigCheck; TDLFS;

20:01:03.0247 4436 ============================================================

20:01:04.0324 4436 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:01:04.0495 4436 1394ohci - ok

20:01:04.0620 4436 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:01:04.0651 4436 ACPI - ok

20:01:04.0761 4436 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:01:04.0854 4436 AcpiPmi - ok

20:01:04.0979 4436 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys

20:01:05.0026 4436 adfs - ok

20:01:05.0166 4436 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

20:01:05.0213 4436 adp94xx - ok

20:01:05.0338 4436 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

20:01:05.0369 4436 adpahci - ok

20:01:05.0494 4436 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

20:01:05.0525 4436 adpu320 - ok

20:01:05.0681 4436 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:01:05.0759 4436 AFD - ok

20:01:05.0868 4436 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:01:05.0899 4436 agp440 - ok

20:01:06.0009 4436 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:01:06.0040 4436 aliide - ok

20:01:06.0133 4436 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:01:06.0165 4436 amdide - ok

20:01:06.0258 4436 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

20:01:06.0305 4436 AmdK8 - ok

20:01:06.0414 4436 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

20:01:06.0477 4436 AmdPPM - ok

20:01:06.0570 4436 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:01:06.0601 4436 amdsata - ok

20:01:06.0711 4436 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

20:01:06.0742 4436 amdsbs - ok

20:01:06.0851 4436 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:01:06.0882 4436 amdxata - ok

20:01:07.0007 4436 ApfiltrService (12bfa9ec4b03cc16bb7d19baa308aef2) C:\Windows\system32\DRIVERS\Apfiltr.sys

20:01:07.0038 4436 ApfiltrService - ok

20:01:07.0147 4436 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:01:07.0366 4436 AppID - ok

20:01:07.0522 4436 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

20:01:07.0537 4436 arc - ok

20:01:07.0647 4436 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

20:01:07.0678 4436 arcsas - ok

20:01:07.0756 4436 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

20:01:07.0787 4436 ArcSoftKsUFilter - ok

20:01:07.0912 4436 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:01:08.0115 4436 AsyncMac - ok

20:01:08.0224 4436 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:01:08.0255 4436 atapi - ok

20:01:08.0380 4436 AthBTPort (50f257e19554421b6891e3f998edca90) C:\Windows\system32\DRIVERS\btath_flt.sys

20:01:08.0380 4436 AthBTPort - ok

20:01:08.0598 4436 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys

20:01:08.0770 4436 athr - ok

20:01:08.0910 4436 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

20:01:08.0988 4436 b06bdrv - ok

20:01:09.0113 4436 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:01:09.0175 4436 b57nd60a - ok

20:01:09.0316 4436 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:01:09.0425 4436 Beep - ok

20:01:09.0550 4436 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:01:09.0597 4436 blbdrive - ok

20:01:09.0721 4436 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:01:09.0799 4436 bowser - ok

20:01:09.0893 4436 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

20:01:09.0955 4436 BrFiltLo - ok

20:01:10.0049 4436 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

20:01:10.0080 4436 BrFiltUp - ok

20:01:10.0221 4436 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

20:01:10.0314 4436 BridgeMP - ok

20:01:10.0439 4436 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:01:10.0501 4436 Brserid - ok

20:01:10.0611 4436 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:01:10.0657 4436 BrSerWdm - ok

20:01:10.0767 4436 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:01:10.0813 4436 BrUsbMdm - ok

20:01:10.0923 4436 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:01:10.0969 4436 BrUsbSer - ok

20:01:11.0094 4436 BTATH_A2DP (b3bcd755fa9a359d10208cc9f09847cc) C:\Windows\system32\drivers\btath_a2dp.sys

20:01:11.0110 4436 BTATH_A2DP - ok

20:01:11.0235 4436 btath_avdt (9bbba9d6dbdefc8a6542bc7a6ebaf710) C:\Windows\system32\drivers\btath_avdt.sys

20:01:11.0250 4436 btath_avdt - ok

20:01:11.0562 4436 BTATH_BUS (d838dd1bcb328efcfad7a52de9e3cafd) C:\Windows\system32\DRIVERS\btath_bus.sys

20:01:11.0578 4436 BTATH_BUS - ok

20:01:11.0734 4436 BTATH_HCRP (a441b800e04cf8443faf519207563abb) C:\Windows\system32\DRIVERS\btath_hcrp.sys

20:01:11.0749 4436 BTATH_HCRP - ok

20:01:11.0874 4436 BTATH_LWFLT (b16f8429a35bba2a8ef9db2e08675b97) C:\Windows\system32\DRIVERS\btath_lwflt.sys

20:01:11.0890 4436 BTATH_LWFLT - ok

20:01:12.0015 4436 BTATH_RCP (c24231c6bdfe21735930084a22089aab) C:\Windows\system32\DRIVERS\btath_rcp.sys

20:01:12.0046 4436 BTATH_RCP - ok

20:01:12.0171 4436 BtFilter (3632fa4c6b3ce9ec827690deac266d8c) C:\Windows\system32\DRIVERS\btfilter.sys

20:01:12.0202 4436 BtFilter - ok

20:01:12.0327 4436 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

20:01:12.0373 4436 BthEnum - ok

20:01:12.0483 4436 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

20:01:12.0545 4436 BTHMODEM - ok

20:01:12.0654 4436 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

20:01:12.0701 4436 BthPan - ok

20:01:12.0826 4436 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

20:01:12.0873 4436 BTHPORT - ok

20:01:12.0982 4436 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

20:01:13.0029 4436 BTHUSB - ok

20:01:13.0122 4436 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:01:13.0231 4436 cdfs - ok

20:01:13.0387 4436 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

20:01:13.0434 4436 cdrom - ok

20:01:13.0543 4436 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

20:01:13.0606 4436 circlass - ok

20:01:13.0699 4436 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:01:13.0731 4436 CLFS - ok

20:01:13.0871 4436 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:01:13.0902 4436 CmBatt - ok

20:01:13.0996 4436 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:01:14.0011 4436 cmdide - ok

20:01:14.0121 4436 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

20:01:14.0167 4436 CNG - ok

20:01:14.0370 4436 CnxtHdAudService (1f394df3714ed4280047810790e6df69) C:\Windows\system32\drivers\CHDRT64.sys

20:01:14.0448 4436 CnxtHdAudService - ok

20:01:14.0557 4436 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:01:14.0573 4436 Compbatt - ok

20:01:14.0698 4436 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

20:01:14.0745 4436 CompositeBus - ok

20:01:14.0869 4436 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

20:01:14.0885 4436 crcdisk - ok

20:01:15.0041 4436 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:01:15.0150 4436 DfsC - ok

20:01:15.0259 4436 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:01:15.0353 4436 discache - ok

20:01:15.0478 4436 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

20:01:15.0509 4436 Disk - ok

20:01:15.0634 4436 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:01:15.0681 4436 drmkaud - ok

20:01:15.0805 4436 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

20:01:15.0837 4436 dtsoftbus01 - ok

20:01:15.0961 4436 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:01:16.0008 4436 DXGKrnl - ok

20:01:16.0133 4436 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys

20:01:16.0195 4436 e1yexpress - ok

20:01:16.0383 4436 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

20:01:16.0554 4436 ebdrv - ok

20:01:16.0695 4436 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

20:01:16.0741 4436 elxstor - ok

20:01:16.0819 4436 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:01:16.0866 4436 ErrDev - ok

20:01:17.0038 4436 ewusbnet (23b79b19f49a037eba4a9a3bb03ed91d) C:\Windows\system32\DRIVERS\ewusbnet.sys

20:01:17.0116 4436 ewusbnet - ok

20:01:17.0241 4436 ew_hwusbdev (e2cbb821c7cae0ef8b56de28ed85c740) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys

20:01:17.0303 4436 ew_hwusbdev - ok

20:01:17.0397 4436 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:01:17.0521 4436 exfat - ok

20:01:17.0615 4436 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:01:17.0709 4436 fastfat - ok

20:01:17.0833 4436 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

20:01:17.0896 4436 fdc - ok

20:01:18.0021 4436 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:01:18.0036 4436 FileInfo - ok

20:01:18.0130 4436 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:01:18.0239 4436 Filetrace - ok

20:01:18.0364 4436 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

20:01:18.0395 4436 flpydisk - ok

20:01:18.0504 4436 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:01:18.0535 4436 FltMgr - ok

20:01:18.0629 4436 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:01:18.0660 4436 FsDepends - ok

20:01:18.0785 4436 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys

20:01:18.0801 4436 fssfltr - ok

20:01:18.0925 4436 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

20:01:18.0957 4436 Fs_Rec - ok

20:01:19.0066 4436 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:01:19.0113 4436 fvevol - ok

20:01:19.0222 4436 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

20:01:19.0237 4436 gagp30kx - ok

20:01:19.0347 4436 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:01:19.0362 4436 GEARAspiWDM - ok

20:01:19.0456 4436 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:01:19.0518 4436 hcw85cir - ok

20:01:19.0643 4436 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

20:01:19.0705 4436 HdAudAddService - ok

20:01:19.0815 4436 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:01:19.0877 4436 HDAudBus - ok

20:01:19.0971 4436 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

20:01:20.0017 4436 HidBatt - ok

20:01:20.0111 4436 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

20:01:20.0173 4436 HidBth - ok

20:01:20.0283 4436 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

20:01:20.0329 4436 HidIr - ok

20:01:20.0454 4436 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

20:01:20.0501 4436 HidUsb - ok

20:01:20.0657 4436 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:01:20.0673 4436 HpSAMD - ok

20:01:20.0813 4436 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:01:20.0922 4436 HTTP - ok

20:01:21.0016 4436 huawei_enumerator (08b1a06a55f068a17a51ba26618cf50f) C:\Windows\system32\DRIVERS\ew_jubusenum.sys

20:01:21.0078 4436 huawei_enumerator - ok

20:01:21.0203 4436 hwdatacard (6e5cd3984742a922d0c183c7e82c3c94) C:\Windows\system32\DRIVERS\ewusbmdm.sys

20:01:21.0265 4436 hwdatacard - ok

20:01:21.0359 4436 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:01:21.0390 4436 hwpolicy - ok

20:01:21.0499 4436 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

20:01:21.0531 4436 i8042prt - ok

20:01:21.0655 4436 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys

20:01:21.0702 4436 iaStor - ok

20:01:21.0843 4436 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:01:21.0874 4436 iaStorV - ok

20:01:22.0389 4436 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys

20:01:23.0059 4436 igfx - ok

20:01:23.0169 4436 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

20:01:23.0200 4436 iirsp - ok

20:01:23.0309 4436 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

20:01:23.0371 4436 IntcDAud - ok

20:01:23.0465 4436 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:01:23.0481 4436 intelide - ok

20:01:23.0590 4436 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:01:23.0637 4436 intelppm - ok

20:01:23.0761 4436 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:01:23.0855 4436 IpFilterDriver - ok

20:01:23.0949 4436 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:01:23.0980 4436 IPMIDRV - ok

20:01:24.0089 4436 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:01:24.0198 4436 IPNAT - ok

20:01:24.0323 4436 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:01:24.0401 4436 IRENUM - ok

20:01:24.0526 4436 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:01:24.0541 4436 isapnp - ok

20:01:24.0635 4436 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:01:24.0666 4436 iScsiPrt - ok

20:01:24.0791 4436 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:01:24.0807 4436 kbdclass - ok

20:01:24.0916 4436 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

20:01:24.0963 4436 kbdhid - ok

20:01:25.0056 4436 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

20:01:25.0087 4436 KSecDD - ok

20:01:25.0165 4436 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

20:01:25.0197 4436 KSecPkg - ok

20:01:25.0306 4436 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:01:25.0399 4436 ksthunk - ok

20:01:25.0555 4436 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:01:25.0649 4436 lltdio - ok

20:01:25.0805 4436 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

20:01:25.0821 4436 LSI_FC - ok

20:01:25.0945 4436 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

20:01:25.0977 4436 LSI_SAS - ok

20:01:26.0086 4436 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

20:01:26.0117 4436 LSI_SAS2 - ok

20:01:26.0242 4436 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

20:01:26.0257 4436 LSI_SCSI - ok

20:01:26.0367 4436 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:01:26.0476 4436 luafv - ok

20:01:26.0569 4436 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

20:01:26.0601 4436 megasas - ok

20:01:26.0725 4436 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

20:01:26.0757 4436 MegaSR - ok

20:01:26.0850 4436 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

20:01:26.0866 4436 MEIx64 - ok

20:01:26.0991 4436 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:01:27.0084 4436 Modem - ok

20:01:27.0209 4436 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:01:27.0256 4436 monitor - ok

20:01:27.0381 4436 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:01:27.0396 4436 mouclass - ok

20:01:27.0521 4436 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys

20:01:27.0552 4436 mouhid - ok

20:01:27.0693 4436 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:01:27.0708 4436 mountmgr - ok

20:01:27.0833 4436 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

20:01:27.0849 4436 MpFilter - ok

20:01:27.0942 4436 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:01:27.0973 4436 mpio - ok

20:01:28.0051 4436 MpKsle1e0f04a - ok

20:01:28.0161 4436 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

20:01:28.0176 4436 MpNWMon - ok

20:01:28.0270 4436 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:01:28.0363 4436 mpsdrv - ok

20:01:28.0457 4436 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:01:28.0519 4436 MRxDAV - ok

20:01:28.0613 4436 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:01:28.0691 4436 mrxsmb - ok

20:01:28.0785 4436 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:01:28.0816 4436 mrxsmb10 - ok

20:01:28.0909 4436 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:01:28.0941 4436 mrxsmb20 - ok

20:01:29.0034 4436 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:01:29.0050 4436 msahci - ok

20:01:29.0128 4436 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:01:29.0159 4436 msdsm - ok

20:01:29.0253 4436 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:01:29.0346 4436 Msfs - ok

20:01:29.0440 4436 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:01:29.0549 4436 mshidkmdf - ok

20:01:29.0627 4436 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:01:29.0658 4436 msisadrv - ok

20:01:29.0767 4436 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:01:29.0877 4436 MSKSSRV - ok

20:01:30.0001 4436 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:01:30.0111 4436 MSPCLOCK - ok

20:01:30.0220 4436 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:01:30.0313 4436 MSPQM - ok

20:01:30.0423 4436 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:01:30.0454 4436 MsRPC - ok

20:01:30.0547 4436 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

20:01:30.0579 4436 mssmbios - ok

20:01:30.0688 4436 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:01:30.0781 4436 MSTEE - ok

20:01:30.0875 4436 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

20:01:30.0922 4436 MTConfig - ok

20:01:31.0031 4436 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:01:31.0047 4436 Mup - ok

20:01:31.0187 4436 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:01:31.0265 4436 NativeWifiP - ok

20:01:31.0390 4436 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:01:31.0468 4436 NDIS - ok

20:01:31.0577 4436 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:01:31.0687 4436 NdisCap - ok

20:01:31.0781 4436 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:01:31.0890 4436 NdisTapi - ok

20:01:32.0015 4436 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:01:32.0108 4436 Ndisuio - ok

20:01:32.0218 4436 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:01:32.0311 4436 NdisWan - ok

20:01:32.0420 4436 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:01:32.0514 4436 NDProxy - ok

20:01:32.0670 4436 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:01:32.0764 4436 NetBIOS - ok

20:01:32.0873 4436 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:01:32.0966 4436 NetBT - ok

20:01:33.0122 4436 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

20:01:33.0138 4436 nfrd960 - ok

20:01:33.0263 4436 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

20:01:33.0278 4436 NisDrv - ok

20:01:33.0419 4436 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:01:33.0528 4436 Npfs - ok

20:01:33.0622 4436 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:01:33.0715 4436 nsiproxy - ok

20:01:33.0871 4436 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:01:33.0965 4436 Ntfs - ok

20:01:34.0058 4436 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:01:34.0152 4436 Null - ok

20:01:34.0620 4436 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:01:35.0322 4436 nvlddmkm - ok

20:01:35.0462 4436 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:01:35.0478 4436 nvraid - ok

20:01:35.0618 4436 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:01:35.0634 4436 nvstor - ok

20:01:35.0743 4436 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:01:35.0774 4436 nv_agp - ok

20:01:35.0884 4436 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:01:35.0930 4436 ohci1394 - ok

20:01:36.0055 4436 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

20:01:36.0086 4436 Parport - ok

20:01:36.0180 4436 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

20:01:36.0211 4436 partmgr - ok

20:01:36.0305 4436 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:01:36.0336 4436 pci - ok

20:01:36.0430 4436 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:01:36.0445 4436 pciide - ok

20:01:36.0539 4436 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

20:01:36.0570 4436 pcmcia - ok

20:01:36.0664 4436 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:01:36.0679 4436 pcw - ok

20:01:36.0804 4436 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:01:36.0913 4436 PEAUTH - ok

20:01:37.0100 4436 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:01:37.0194 4436 PptpMiniport - ok

20:01:37.0303 4436 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

20:01:37.0350 4436 Processor - ok

20:01:37.0475 4436 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:01:37.0584 4436 Psched - ok

20:01:37.0740 4436 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

20:01:37.0834 4436 ql2300 - ok

20:01:37.0958 4436 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

20:01:37.0990 4436 ql40xx - ok

20:01:38.0083 4436 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:01:38.0146 4436 QWAVEdrv - ok

20:01:38.0224 4436 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:01:38.0333 4436 RasAcd - ok

20:01:38.0426 4436 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:01:38.0520 4436 RasAgileVpn - ok

20:01:38.0629 4436 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:01:38.0738 4436 Rasl2tp - ok

20:01:38.0848 4436 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:01:38.0957 4436 RasPppoe - ok

20:01:39.0066 4436 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:01:39.0175 4436 RasSstp - ok

20:01:39.0269 4436 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:01:39.0394 4436 rdbss - ok

20:01:39.0487 4436 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

20:01:39.0534 4436 rdpbus - ok

20:01:39.0659 4436 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:01:39.0752 4436 RDPCDD - ok

20:01:39.0893 4436 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:01:39.0986 4436 RDPENCDD - ok

20:01:40.0111 4436 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:01:40.0189 4436 RDPREFMP - ok

20:01:40.0298 4436 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

20:01:40.0361 4436 RDPWD - ok

20:01:40.0470 4436 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:01:40.0501 4436 rdyboost - ok

20:01:40.0642 4436 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

20:01:40.0688 4436 RFCOMM - ok

20:01:40.0813 4436 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys

20:01:40.0844 4436 RSPCIESTOR - ok

20:01:40.0954 4436 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:01:41.0063 4436 rspndr - ok

20:01:41.0188 4436 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys

20:01:41.0219 4436 RTL8167 - ok

20:01:41.0328 4436 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:01:41.0359 4436 sbp2port - ok

20:01:41.0453 4436 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:01:41.0546 4436 scfilter - ok

20:01:41.0671 4436 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

20:01:41.0718 4436 sdbus - ok

20:01:41.0843 4436 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:01:41.0952 4436 secdrv - ok

20:01:42.0061 4436 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

20:01:42.0108 4436 Serenum - ok

20:01:42.0280 4436 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

20:01:42.0326 4436 Serial - ok

20:01:42.0451 4436 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

20:01:42.0482 4436 sermouse - ok

20:01:42.0592 4436 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys

20:01:42.0638 4436 SFEP - ok

20:01:42.0732 4436 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:01:42.0763 4436 sffdisk - ok

20:01:42.0857 4436 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:01:42.0904 4436 sffp_mmc - ok

20:01:42.0997 4436 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:01:43.0060 4436 sffp_sd - ok

20:01:43.0153 4436 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

20:01:43.0200 4436 sfloppy - ok

20:01:43.0325 4436 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

20:01:43.0340 4436 SiSRaid2 - ok

20:01:43.0434 4436 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

20:01:43.0450 4436 SiSRaid4 - ok

20:01:43.0574 4436 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:01:43.0668 4436 Smb - ok

20:01:43.0808 4436 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:01:43.0824 4436 spldr - ok

20:01:43.0933 4436 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:01:44.0011 4436 srv - ok

20:01:44.0120 4436 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:01:44.0167 4436 srv2 - ok

20:01:44.0432 4436 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:01:44.0479 4436 srvnet - ok

20:01:44.0588 4436 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

20:01:44.0604 4436 stexstor - ok

20:01:44.0713 4436 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

20:01:44.0760 4436 StillCam - ok

20:01:44.0869 4436 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

20:01:44.0885 4436 swenum - ok

20:01:45.0072 4436 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

20:01:45.0181 4436 Tcpip - ok

20:01:45.0353 4436 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

20:01:45.0446 4436 TCPIP6 - ok

20:01:45.0556 4436 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:01:45.0649 4436 tcpipreg - ok

20:01:45.0743 4436 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:01:45.0774 4436 TDPIPE - ok

20:01:45.0883 4436 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:01:45.0914 4436 TDTCP - ok

20:01:46.0039 4436 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:01:46.0133 4436 tdx - ok

20:01:46.0242 4436 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

20:01:46.0258 4436 TermDD - ok

20:01:46.0414 4436 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:01:46.0507 4436 tssecsrv - ok

20:01:46.0632 4436 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:01:46.0679 4436 TsUsbFlt - ok

20:01:46.0788 4436 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

20:01:46.0835 4436 TsUsbGD - ok

20:01:46.0960 4436 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:01:47.0053 4436 tunnel - ok

20:01:47.0162 4436 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

20:01:47.0178 4436 uagp35 - ok

20:01:47.0287 4436 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:01:47.0412 4436 udfs - ok

20:01:47.0537 4436 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:01:47.0552 4436 uliagpkx - ok

20:01:47.0662 4436 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

20:01:47.0708 4436 umbus - ok

20:01:47.0818 4436 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

20:01:47.0864 4436 UmPass - ok

20:01:47.0989 4436 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

20:01:48.0052 4436 USBAAPL64 - ok

20:01:48.0130 4436 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:01:48.0192 4436 usbccgp - ok

20:01:48.0301 4436 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:01:48.0348 4436 usbcir - ok

20:01:48.0442 4436 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

20:01:48.0489 4436 usbehci - ok

20:01:48.0598 4436 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:01:48.0645 4436 usbhub - ok

20:01:48.0754 4436 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:01:48.0801 4436 usbohci - ok

20:01:48.0910 4436 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

20:01:48.0957 4436 usbprint - ok

20:01:49.0050 4436 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:01:49.0113 4436 USBSTOR - ok

20:01:49.0191 4436 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:01:49.0237 4436 usbuhci - ok

20:01:49.0362 4436 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

20:01:49.0393 4436 usbvideo - ok

20:01:49.0549 4436 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:01:49.0581 4436 vdrvroot - ok

20:01:49.0705 4436 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:01:49.0737 4436 vga - ok

20:01:49.0830 4436 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:01:49.0939 4436 VgaSave - ok

20:01:50.0033 4436 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:01:50.0064 4436 vhdmp - ok

20:01:50.0158 4436 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:01:50.0173 4436 viaide - ok

20:01:50.0298 4436 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:01:50.0314 4436 volmgr - ok

20:01:50.0407 4436 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:01:50.0454 4436 volmgrx - ok

20:01:50.0548 4436 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:01:50.0579 4436 volsnap - ok

20:01:50.0688 4436 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

20:01:50.0719 4436 vsmraid - ok

20:01:50.0829 4436 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:01:50.0875 4436 vwifibus - ok

20:01:50.0985 4436 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:01:51.0031 4436 vwififlt - ok

20:01:51.0141 4436 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

20:01:51.0172 4436 WacomPen - ok

20:01:51.0297 4436 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:01:51.0390 4436 WANARP - ok

20:01:51.0437 4436 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:01:51.0515 4436 Wanarpv6 - ok

20:01:51.0640 4436 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

20:01:51.0671 4436 Wd - ok

20:01:51.0780 4436 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:01:51.0827 4436 Wdf01000 - ok

20:01:51.0983 4436 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:01:52.0061 4436 WfpLwf - ok

20:01:52.0170 4436 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:01:52.0201 4436 WIMMount - ok

20:01:52.0357 4436 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

20:01:52.0404 4436 WinUsb - ok

20:01:52.0529 4436 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:01:52.0576 4436 WmiAcpi - ok

20:01:52.0716 4436 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:01:52.0810 4436 ws2ifsl - ok

20:01:52.0919 4436 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:01:53.0028 4436 WudfPf - ok

20:01:53.0137 4436 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:01:53.0247 4436 WUDFRd - ok

20:01:53.0325 4436 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:01:53.0512 4436 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:01:53.0512 4436 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:01:53.0512 4436 Boot (0x1200) (98148951e402b4b6d374314607dab173) \Device\Harddisk0\DR0\Partition0

20:01:53.0527 4436 \Device\Harddisk0\DR0\Partition0 - ok

20:01:53.0559 4436 Boot (0x1200) (d7d32eab8f1429481aa0b831ff1f6124) \Device\Harddisk0\DR0\Partition1

20:01:53.0559 4436 \Device\Harddisk0\DR0\Partition1 - ok

20:01:53.0559 4436 ============================================================

20:01:53.0559 4436 Scan finished

20:01:53.0559 4436 ============================================================

20:01:53.0590 4404 Detected object count: 1

20:01:53.0590 4404 Actual detected object count: 1

20:02:40.0265 4404 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:02:40.0265 4404 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Link to post
Share on other sites

Copy and paste these lines in Notepad.

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset all

shutdown -r -t 1

del %0

Save as flush.bat to your desktop. Double click to run.

*** note: Win Vista and Win 7 need to right click and choose to "run as Administrator" .. the computer will reboot itself.

Next:

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ally :: ALLY-VAIO [administrator]

15/03/2012 20:35:11

mbam-log-2012-03-15 (20-38-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 193019

Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

Link to post
Share on other sites

Lets do this first.

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

ComboFix Results

ComboFix 12-03-15.03 - Ally 15/03/2012 21:12:13.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4044.2375 [GMT 0:00]

Running from: c:\users\Ally\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))

.

.

2012-03-15 21:21 . 2012-03-15 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-15 20:34 . 2012-03-15 20:34 -------- d-----w- c:\users\Ally\AppData\Local\Adobe

2012-03-14 21:19 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 21:19 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 21:19 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 20:01 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D85F860-5C37-4A30-A025-9C99E89933F3}\mpengine.dll

2012-03-14 19:30 . 2012-03-14 19:30 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-14 18:41 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 18:41 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 18:41 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 18:40 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 18:40 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 18:40 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 18:40 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 18:40 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 18:40 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 18:40 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 19:39 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe

2012-03-13 19:17 . 2012-03-13 19:17 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\9424.tmp

2012-03-13 19:17 . 2012-03-13 19:17 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\9423.tmp

2012-03-11 18:25 . 2012-03-11 18:25 -------- d-----w- c:\program files\iPod

2012-03-11 18:25 . 2012-03-11 18:26 -------- d-----w- c:\program files\iTunes

2012-03-04 15:51 . 2012-03-04 15:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-03-04 15:51 . 2012-03-04 15:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-03-04 15:51 . 2012-03-04 15:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-03-04 15:51 . 2012-03-04 15:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-03-04 15:51 . 2012-03-04 15:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-03-04 15:51 . 2012-03-04 15:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-03-04 15:51 . 2012-03-04 15:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-03-04 15:50 . 2012-03-04 15:51 -------- d-----w- c:\program files (x86)\QuickTime

2012-03-03 14:28 . 2012-03-03 14:28 -------- d-----w- c:\programdata\Telefónica

2012-03-03 14:28 . 2012-03-03 14:28 -------- d-----w- c:\users\Ally\AppData\Roaming\Telefónica

2012-02-25 17:50 . 2012-02-25 17:50 -------- d-----w- c:\users\Ally\AppData\Local\HP

2012-02-19 13:08 . 2012-02-19 16:23 -------- d-----w- c:\users\Ally\AppData\Roaming\Ibz

2012-02-19 13:08 . 2012-02-19 16:21 -------- d-----w- c:\users\Ally\AppData\Roaming\Wodaxeo

2012-02-16 19:59 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-16 19:59 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-16 19:59 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 19:59 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-16 19:59 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-16 19:58 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 19:58 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-19 11:41 . 2012-01-30 18:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-11 10:07 . 2012-02-11 10:07 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53D56FF7-CB18-4EB3-88F3-B3095FBDC192}\gapaengine.dll

2012-02-08 07:13 . 2012-01-30 18:50 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-04 17:37 . 2012-02-04 17:37 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll

2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-30 18:57 . 2012-01-30 18:57 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-01-28 20:32 . 2012-01-28 20:32 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-01-28 20:32 . 2012-01-28 20:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-01-28 20:32 . 2012-01-28 20:32 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-01-28 16:42 . 2012-01-28 16:42 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-01-28 16:27 . 2012-02-11 10:07 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files (x86)\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768]

.

[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]

[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]

[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 MpKsle1e0f04a;MpKsle1e0f04a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0D86917-3E75-4269-8CFE-14D3C36ADDB0}\MpKsle1e0f04a.sys [x]

R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-30 1038088]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\O2\Connection Manager\ImpWiFiSvc.exe [2010-08-02 199600]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1429608]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 45967696

*Deregistered* - 45967696

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1856347766-3132211059-3099384091-1001Core.job

- c:\users\Ally\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 16:42]

.

2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1856347766-3132211059-3099384091-1001UA.job

- c:\users\Ally\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 16:42]

.

2012-03-15 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-11-16 10:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files (x86)\Astroburn Toolbar\ABToolbar64.dll" [2011-05-23 1536320]

.

[HKEY_CLASSES_ROOT\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}]

[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]

[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-29 790688]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-29 657568]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418328]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = astroburn-search.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Ally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Ally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\zfhpbylu.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-15 21:25:49

ComboFix-quarantined-files.txt 2012-03-15 21:25

.

Pre-Run: 331,199,717,376 bytes free

Post-Run: 331,139,817,472 bytes free

.

- - End Of File - - 41233311DA5270273DA2BC869A4617A2

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ally :: ALLY-VAIO [administrator]

15/03/2012 21:32:19

mbam-log-2012-03-15 (21-35-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196271

Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

Link to post
Share on other sites

  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and if required the program will ask you to reboot to remove locked files.

Link to post
Share on other sites

Ok, told it to Remove and MBAM restarted computer. Ran MBAM when it rebooted, results below.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ally :: ALLY-VAIO [administrator]

15/03/2012 21:45:54

mbam-log-2012-03-15 (21-45-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196348

Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Securing Your Web Browser
    This paper will help you configure your web browser for safer internet surfing.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    •Free browser plug-in for Internet Explorer and Firefox
    •Real-time safety ratings
    •Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

Thank you very much for your help :D As soon as I get home tonight I will make sure my browser is secure. Anti virus is already up to date and switched back on and firewall is in place too. Computer seemed fine when I left it, no problems. Thanks again.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.