JoeyT

Help with infection


I couldn't get back onto this website just then so had to run RogueKiller again. Here's the log:

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: teng [Admin rights]

Mode: Remove -- Date: 07/14/2012 03:24:54

¤¤¤ Bad processes: 2 ¤¤¤

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED

[SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)

[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

--- User ---

[MBR] b920a0ccdea031bc9d9ac6253324ac86

[BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[20].txt >>

RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;

RKreport[1].txt ; RKreport[20].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;

RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


Here's the ComboFix log:

ComboFix 12-07-13.03 - teng 14/07/2012 3:03.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.2018 [GMT 10:00]

Running from: c:\users\teng\Desktop\comb\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\teng\AppData\Local\rbimvufg.log

c:\users\teng\AppData\Local\vtvtfqre.log

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Micorsoft Windows Service

.

.

((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

.

.

2012-07-13 17:12 . 2012-07-13 17:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-13 17:12 . 2012-07-13 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-13 14:32 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5315522-B650-432B-83A2-5224866DBA40}\mpengine.dll

2012-07-13 04:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-13 04:34 . 2012-07-13 13:02 5928 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP

2012-07-04 23:43 . 2012-02-11 02:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC15901-BC2F-49B5-9312-41E282B69352}\gapaengine.dll

2012-07-03 06:39 . 2012-07-03 06:39 -------- d-----w- C:\RS1-0A-AW1.1_DES

2012-07-03 06:01 . 2012-07-03 06:01 -------- d-----w- C:\SHERLOCK_HOLMES_GAME_OF_SHADOW

2012-06-26 07:06 . 2012-06-26 07:06 -------- d-----w- C:\THE_THREE_MUSKETEERS

2012-06-26 06:32 . 2012-06-26 06:32 -------- d-----w- C:\ANY_GIVEN_SUNDAY

2012-06-26 06:21 . 2012-06-26 06:21 -------- d-----w- C:\HANGOVER_PART_2

2012-06-26 06:10 . 2012-06-26 06:10 -------- d-----w- C:\IN_TIME

2012-06-26 05:46 . 2012-06-26 05:46 -------- d-----w- C:\UNDERWORLD_AWAKENING

2012-06-21 02:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-21 02:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\windows\system32\SPReview

2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\windows\system32\EventProviders

2012-06-14 04:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 04:39 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 04:39 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 04:39 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 04:39 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll

2012-06-14 04:39 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-14 04:39 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-14 04:39 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-14 04:37 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-14 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-14 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 04:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-14 04:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 04:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 04:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-14 04:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 03:46 . 2011-05-08 05:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-20 10:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-06-20 10:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-06-02 22:19 . 2012-06-08 23:00 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-08 23:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-08 23:00 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-08 23:00 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-08 23:00 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-08 23:00 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-08 23:00 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 05:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 05:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-23 05:42 . 2012-05-23 05:42 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2003-11-24 04:53 . 2010-10-22 10:23 94208 ----a-w- c:\program files\UI_RES.dll

2003-11-07 09:55 . 2010-10-22 10:23 278528 ----a-w- c:\program files\CLInet.dll

2003-11-07 09:55 . 2010-10-22 10:23 413696 ----a-w- c:\program files\PowerDVD.exe

2003-11-07 09:55 . 2010-10-22 10:23 311296 ----a-w- c:\program files\dvd_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 294912 ----a-w- c:\program files\Vr_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 192512 ----a-w- c:\program files\vcd20_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 159744 ----a-w- c:\program files\dxm_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 286720 ----a-w- c:\program files\AppBarCom.dll

2003-11-07 09:55 . 2010-10-22 10:23 147456 ----a-w- c:\program files\acd_x.imp

2003-10-31 09:45 . 2010-10-22 10:23 118784 ----a-w- c:\program files\CLDShowX.dll

2003-10-31 09:42 . 2010-10-22 10:23 32768 ----a-w- c:\program files\PDVDServ.exe

2003-10-31 09:39 . 2010-10-22 10:23 323584 ----a-w- c:\program files\ddtester.exe

2003-10-31 09:39 . 2010-10-22 10:23 274432 ----a-w- c:\program files\cldma.exe

2003-10-31 09:39 . 2010-10-22 10:23 167936 ----a-w- c:\program files\cltest.exe

2003-10-31 09:39 . 2010-10-22 10:23 57344 ----a-w- c:\program files\dvdrgn.exe

2003-10-15 11:49 . 2010-10-22 10:23 77824 ----a-w- c:\program files\PwrDVDRC.dll

2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\OSD_MLang.dll

2003-10-15 11:49 . 2010-10-22 10:23 327680 ------w- c:\program files\CLAudRC.dll

2003-10-15 11:49 . 2010-10-22 10:23 327680 ----a-w- c:\program files\DVD_RES.dll

2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\AppBarCom_RES.dll

1999-02-01 14:00 . 2010-10-22 10:23 266293 ----a-w- c:\program files\msvcrt.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-13_14.19.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Windows\Cookies\index.dat

+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Windows\Cookies\index.dat

+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\History\History.IE5\index.dat

- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-11-23 20:17 . 2012-07-13 15:49 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-11-23 20:17 . 2012-07-13 14:00 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-13 17:16 44570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-28 21:56 . 2012-07-13 15:49 22660 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-261071132-451565413-1473889226-1000_UserData.bin

- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-07-13 17:02 . 2012-07-13 17:13 3056 c:\windows\SoftwareDistribution\PostRebootEventCache\{003AE53D-B7A2-4F1C-A7E9-40EBD8DD1C64}.bin

+ 2009-11-23 20:10 . 2012-07-13 17:13 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2009-11-23 20:10 . 2012-07-13 14:17 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-13 14:03 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll

- 2011-07-08 04:57 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll

- 2009-07-14 02:36 . 2012-07-13 14:05 648596 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-13 15:53 648596 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-13 14:05 118726 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-07-13 15:53 118726 c:\windows\system32\perfc009.dat

- 2012-06-16 08:57 . 2012-07-13 14:17 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-06-16 08:57 . 2012-07-13 17:13 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-07-13 17:13 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-13 14:17 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-07-08 04:57 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll

+ 2012-07-13 14:03 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll

+ 2011-08-02 09:09 . 2012-07-13 17:13 2732620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-261071132-451565413-1473889226-1000-12288.dat

+ 2012-05-29 21:18 . 2012-05-29 21:18 1739264 c:\windows\Installer\4649d4.msp

+ 2009-07-14 02:34 . 2012-07-13 17:13 10698752 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2012-07-13 17:13 . 2012-07-13 17:13 10698752 c:\windows\erdnt\subs\SCHEMA.DAT

+ 2012-07-13 17:01 . 2012-07-13 17:02 10698752 c:\windows\erdnt\Hiv-backup\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Akamai NetSession Interface"="c:\users\teng\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

"PjbHcvsk"="c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe" [BU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

"SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

pjbhcvsk.exe [2012-7-11 90944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-11-24 16:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

R3 SampleCollector;Intel® Sample Collector;c:\program files\SONY\VAIO Care\collsvc.exe [2009-09-16 167424]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]

R3 VUAgent;VUAgent;c:\program files\SONY\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

S2 VSNService;VSNService;c:\program files\SONY\VAIO Smart Network\VSNService.exe [2009-10-30 815104]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

S3 NETw5s64;?? Windows 7 64 Bit ? Intel® Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8306208]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"combofix"="c:\combofix\CF9285.3XE" [2010-11-20 345088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://ninemsn.com.au/?pc=MASN&ocid=SNYDHP

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\745756374702E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\84F67745F634F6E6E656364745F6551575962756C6563737: NameServer = 8.8.8.8,8.8.4.4

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - ProfilePath - c:\users\teng\AppData\Roaming\Mozilla\Firefox\Profiles\6xnnr94k.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\SONY\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b2,92,e2,3a,83,a1,33,5b,90,3a,a7,e6,14,82,2c,52,85,bb,9c,2a,ad,33,a6,

84,2a,84,ba,41,4a,17,c5,5a,2f,80,07,75,b2,98,7b,87,08,3d,aa,2c,03,c8,98,b1,\

"??"=hex:5e,e9,49,52,27,89,b3,70,f8,d6,c9,78,44,09,2e,90

.

[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\License information*]

"datasecu"=hex:be,ef,fc,49,0f,89,47,53,75,72,55,0a,b6,12,24,11,94,8d,36,85,8a,

a8,2b,b8,1c,9c,de,68,6c,bf,59,8d,04,00,45,bb,49,18,4c,66,99,8b,8d,26,05,cb,\

"rkeysecu"=hex:28,9e,cd,39,00,bc,c4,a6,03,15,d0,77,e8,94,06,03

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\SONY\VAIO Event Service\VESMgrSub.exe

c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

.

**************************************************************************

.

Completion time: 2012-07-14 03:23:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-13 17:23

ComboFix2.txt 2012-07-13 15:34

ComboFix3.txt 2012-07-13 14:27

.

Pre-Run: 50,782,863,360 bytes free

Post-Run: 49,932,316,672 bytes free

.

- - End Of File - - 53171CAA937A737E9B3C03CC668CF650


Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

pjbhcvsk.exe

c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe

Folder::

c:\users\teng\AppData\Local\hdjurvjw

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PjbHcvsk"=-

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Should I complete the MBAM full scan first or just go straight into ComboFix?


Here's the ComboFix log (running MBAM now):

ComboFix 12-07-13.03 - teng 14/07/2012 3:51.4.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.1881 [GMT 10:00]

Running from: c:\users\teng\Desktop\comb\ComboFix.exe

Command switches used :: c:\users\teng\Desktop\comb\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\teng\AppData\Local\dacdwkjw.log

c:\users\teng\AppData\Local\fvswgmnd.log

c:\users\teng\AppData\Local\hdjurvjw

c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe

c:\users\teng\AppData\Local\jhlmlsnb.log

c:\users\teng\AppData\Local\qkbydubj.log

c:\users\teng\AppData\Local\rbimvufg.log

c:\users\teng\AppData\Local\sxxctcia.log

c:\users\teng\AppData\Local\uhcjuvoo.log

c:\users\teng\AppData\Local\vtvtfqre.log

.

.

((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

.

.

2012-07-13 18:08 . 2012-07-13 18:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-13 18:08 . 2012-07-13 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-13 14:32 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5315522-B650-432B-83A2-5224866DBA40}\mpengine.dll

2012-07-13 04:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-13 04:34 . 2012-07-13 13:02 5928 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP

2012-07-10 23:52 . 2012-07-10 23:52 90944 --s---w- c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe

2012-07-04 23:43 . 2012-02-11 02:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC15901-BC2F-49B5-9312-41E282B69352}\gapaengine.dll

2012-07-03 06:39 . 2012-07-03 06:39 -------- d-----w- C:\RS1-0A-AW1.1_DES

2012-07-03 06:01 . 2012-07-03 06:01 -------- d-----w- C:\SHERLOCK_HOLMES_GAME_OF_SHADOW

2012-06-26 07:06 . 2012-06-26 07:06 -------- d-----w- C:\THE_THREE_MUSKETEERS

2012-06-26 06:32 . 2012-06-26 06:32 -------- d-----w- C:\ANY_GIVEN_SUNDAY

2012-06-26 06:21 . 2012-06-26 06:21 -------- d-----w- C:\HANGOVER_PART_2

2012-06-26 06:10 . 2012-06-26 06:10 -------- d-----w- C:\IN_TIME

2012-06-26 05:46 . 2012-06-26 05:46 -------- d-----w- C:\UNDERWORLD_AWAKENING

2012-06-21 02:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-21 02:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\windows\system32\SPReview

2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\windows\system32\EventProviders

2012-06-14 04:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 04:39 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 04:39 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 04:39 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 04:39 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll

2012-06-14 04:39 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-14 04:39 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-14 04:39 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-14 04:37 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-14 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-14 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 04:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-14 04:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 04:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 04:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-14 04:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 03:46 . 2011-05-08 05:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-20 10:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-06-20 10:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-06-02 22:19 . 2012-06-08 23:00 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-08 23:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-08 23:00 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-08 23:00 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-08 23:00 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-08 23:00 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-08 23:00 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 05:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 05:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-23 05:42 . 2012-05-23 05:42 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2003-11-24 04:53 . 2010-10-22 10:23 94208 ----a-w- c:\program files\UI_RES.dll

2003-11-07 09:55 . 2010-10-22 10:23 278528 ----a-w- c:\program files\CLInet.dll

2003-11-07 09:55 . 2010-10-22 10:23 413696 ----a-w- c:\program files\PowerDVD.exe

2003-11-07 09:55 . 2010-10-22 10:23 311296 ----a-w- c:\program files\dvd_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 294912 ----a-w- c:\program files\Vr_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 192512 ----a-w- c:\program files\vcd20_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 159744 ----a-w- c:\program files\dxm_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 286720 ----a-w- c:\program files\AppBarCom.dll

2003-11-07 09:55 . 2010-10-22 10:23 147456 ----a-w- c:\program files\acd_x.imp

2003-10-31 09:45 . 2010-10-22 10:23 118784 ----a-w- c:\program files\CLDShowX.dll

2003-10-31 09:42 . 2010-10-22 10:23 32768 ----a-w- c:\program files\PDVDServ.exe

2003-10-31 09:39 . 2010-10-22 10:23 323584 ----a-w- c:\program files\ddtester.exe

2003-10-31 09:39 . 2010-10-22 10:23 274432 ----a-w- c:\program files\cldma.exe

2003-10-31 09:39 . 2010-10-22 10:23 167936 ----a-w- c:\program files\cltest.exe

2003-10-31 09:39 . 2010-10-22 10:23 57344 ----a-w- c:\program files\dvdrgn.exe

2003-10-15 11:49 . 2010-10-22 10:23 77824 ----a-w- c:\program files\PwrDVDRC.dll

2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\OSD_MLang.dll

2003-10-15 11:49 . 2010-10-22 10:23 327680 ------w- c:\program files\CLAudRC.dll

2003-10-15 11:49 . 2010-10-22 10:23 327680 ----a-w- c:\program files\DVD_RES.dll

2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\AppBarCom_RES.dll

1999-02-01 14:00 . 2010-10-22 10:23 266293 ----a-w- c:\program files\msvcrt.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-13_14.19.17 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-11-23 20:17 . 2012-07-13 14:00 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-11-23 20:17 . 2012-07-13 15:49 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-13 17:16 44570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-28 21:56 . 2012-07-13 15:49 22660 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-261071132-451565413-1473889226-1000_UserData.bin

+ 2009-12-27 11:45 . 2012-07-13 17:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-27 11:45 . 2012-07-13 17:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-13 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-07-13 17:18 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-07-13 17:02 . 2012-07-13 18:08 3056 c:\windows\SoftwareDistribution\PostRebootEventCache\{003AE53D-B7A2-4F1C-A7E9-40EBD8DD1C64}.bin

+ 2009-11-23 20:10 . 2012-07-13 17:13 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2009-11-23 20:10 . 2012-07-13 14:17 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-13 14:03 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll

- 2011-07-08 04:57 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll

- 2009-07-14 02:36 . 2012-07-13 14:05 648596 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-13 17:21 648596 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-13 14:05 118726 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-07-13 17:21 118726 c:\windows\system32\perfc009.dat

- 2012-06-16 08:57 . 2012-07-13 14:17 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-06-16 08:57 . 2012-07-13 17:13 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-07-13 17:13 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-13 14:17 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-07-13 14:03 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll

- 2011-07-08 04:57 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll

+ 2009-07-14 04:45 . 2012-07-13 17:18 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2012-06-21 02:53 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-08-02 09:09 . 2012-07-13 17:13 2732620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-261071132-451565413-1473889226-1000-12288.dat

+ 2012-05-29 21:18 . 2012-05-29 21:18 1739264 c:\windows\Installer\4649d4.msp

+ 2009-07-14 02:34 . 2012-07-13 17:13 10698752 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2012-07-13 17:13 . 2012-07-13 17:13 10698752 c:\windows\erdnt\subs\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Akamai NetSession Interface"="c:\users\teng\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

"SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

pjbhcvsk.exe [2012-7-11 90944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-11-24 16:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

R3 SampleCollector;Intel® Sample Collector;c:\program files\SONY\VAIO Care\collsvc.exe [2009-09-16 167424]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]

R3 VUAgent;VUAgent;c:\program files\SONY\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

S2 VSNService;VSNService;c:\program files\SONY\VAIO Smart Network\VSNService.exe [2009-10-30 815104]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

S3 NETw5s64;?? Windows 7 64 Bit ? Intel® Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8306208]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://ninemsn.com.au/?pc=MASN&ocid=SNYDHP

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\745756374702E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\84F67745F634F6E6E656364745F6551575962756C6563737: NameServer = 8.8.8.8,8.8.4.4

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - ProfilePath - c:\users\teng\AppData\Roaming\Mozilla\Firefox\Profiles\6xnnr94k.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\SONY\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b2,92,e2,3a,83,a1,33,5b,90,3a,a7,e6,14,82,2c,52,85,bb,9c,2a,ad,33,a6,

84,2a,84,ba,41,4a,17,c5,5a,2f,80,07,75,b2,98,7b,87,08,3d,aa,2c,03,c8,98,b1,\

"??"=hex:5e,e9,49,52,27,89,b3,70,f8,d6,c9,78,44,09,2e,90

.

[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\License information*]

"datasecu"=hex:be,ef,fc,49,0f,89,47,53,75,72,55,0a,b6,12,24,11,94,8d,36,85,8a,

a8,2b,b8,1c,9c,de,68,6c,bf,59,8d,04,00,45,bb,49,18,4c,66,99,8b,8d,26,05,cb,\

"rkeysecu"=hex:28,9e,cd,39,00,bc,c4,a6,03,15,d0,77,e8,94,06,03

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-14 04:29:15

ComboFix-quarantined-files.txt 2012-07-13 18:29

ComboFix2.txt 2012-07-13 17:23

ComboFix3.txt 2012-07-13 15:34

ComboFix4.txt 2012-07-13 14:27

.

Pre-Run: 49,996,918,784 bytes free

Post-Run: 49,699,430,400 bytes free

.

- - End Of File - - E309C808C1C3AE1BF84B1944FC721CEB


I messed up with the script; can you manually delete this one:

c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe

Then run another RogueKiller scan and we'll see > post the log, MrC


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


I ran the process, had to reboot, and when I did reboot I had the same problem with not being able to open this page. Once again I used RogueKiller (same problem as before). Here's the log for the manual deletion:

All processes killed

Error: Unable to interpret <:Filesc:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe:Commands[EMPTYJAVA][emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.54.0 log created on 07142012_055548


The fix didn't work, the script wasn't entered properly, please try it again.

Here it is > copy and paste this in exactly as it is and hit Run Fix: (it won't reboot)

:Files

c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe

MrC


Here is the log:

========== FILES ==========

c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe moved successfully.

OTL by OldTimer - Version 3.2.54.0 log created on 07142012_061712


This is the one I ran after the reboot. Did you want a fresh one?

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: teng [Admin rights]

Mode: Remove -- Date: 07/14/2012 06:02:14

¤¤¤ Bad processes: 2 ¤¤¤

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED

[sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)

[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

--- User ---

[MBR] b920a0ccdea031bc9d9ac6253324ac86

[bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[22].txt >>

RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;

RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[2].txt ;

RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ;

RKreport[8].txt ; RKreport[9].txt


Here's the report (I didn't reboot before running this though):

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: teng [Admin rights]

Mode: Scan -- Date: 07/14/2012 06:23:39

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] OTL.exe -- C:\Users\teng\Desktop\OTL.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

--- User ---

[MBR] b920a0ccdea031bc9d9ac6253324ac86

[bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[23].txt >>

RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;

RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[23].txt ;

RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ;

RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


That looks OK. Due to the infections you had, we have to run one more scan; it may take a while to complete, so please be prepared:

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and Scan unwanted applications are checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC


Sorry for the long wait. Finally finished the scan. Found 7 infected files and cleaned 6. It is currently on the end screen which gives the option to manage quarantine (I haven't done/don't know what to do). Here is the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=b7ea67d7c8fed64fa0969736b6390be1

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-07-13 11:30:35

# local_time=2012-07-14 09:30:35 (+1000, E. Australia Standard Time)

# country="Australia"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 2015019 93841653 0 0

# compatibility_mode=8192 67108863 100 0 395 395 0 0

# scanned=255282

# found=7

# cleaned=6

# scan_time=10432

C:\Qoobox\Quarantine\C\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\teng\AppData\Local\Temp\hovcexutiovmkrtn.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\teng\Desktop\RK_Quarantine\hovcexutiovmkrtn.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\teng\Desktop\RK_Quarantine\pjbhcvsk.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07142012_061712\c_users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} a variant of Win32/Ramnit.L virus 00000000000000000000000000000000 I


OK, they were all in quarantined folders.

What options does it give you? MrC


Options are:

  • list of found threats
  • manage quarantine

Select uninstall if you want to remove all ESET Online Scanner files from your computer. The next time you run the ESET Online Scanner, they will need to be downloaded again.

  • uninstall application on close
  • delete quarantined files


It seemed to close out itself. It didn't really say if anything happened or provide a log.


OK, use it and see how it is.

I've been a little concerned that you were infected with a polymorphic file infector and this was in the scan you just ran:

${Memory} a variant of Win32/Ramnit.L virus 00000000000000000000000000000000 I

Win32/Ramnit.L virus is exactly that, so use it for a day or two and see if it comes back.

You can tell by running RogueKiller again.

Let me know, MrC

This topic is now closed to further replies.