anm81 Posted August 15, 2012 ID:585800 Share Posted August 15, 2012 Symantec gave me a warning of a trojan.zeroaccess!inf but was unable to remove it. This particular bug apparently installs new malware on the PC even after running various anti-malware programs to rid of the previous malware. I am using Windows 7 Home Prem. 64-bit SP1 with Intel Core 2 Duo processor t6600 2.2 GHz (each) [sony VAIO - VGN-NW270F ] Link to post Share on other sites More sharing options...
anm81 Posted August 15, 2012 Author ID:585803 Share Posted August 15, 2012 Full Path: c:\windows\system32\services.exeThreat: Trojan.Zeroaccess!inf4________________________________________________________On computers as of 8/14/2012 at 4:57:30 PMLast Used 8/15/2012 at 8:22:26 AMStartup Item NoLaunched No________________________________________________________Many UsersThousands of users in the Norton Community have used this file.____________________________MatureThis file was released 3 months ago.____________________________HighThis file risk is high.____________________________Threat DetailsThreat type: Spyware. Programs that actively track and send personal or confidential information to third parties.____________________________Source File:services.exe____________________________File ActionsInfected file: c:\windows\system32\services.exeManual removal required____________________________File Thumbprint - SHA:63541e3432fce953f266ae553e7a394978d6ee3db52388d885f668cf42c5e7e2____________________________File Thumbprint - MD5:014a9cb92514e27c0107614df764bc06____________________________Full Path: c:\windows\system32\services.exeThreat: Trojan.Zeroaccess!inf4________________________________________________________On computers as of 8/14/2012 at 7:57:07 PMLast Used 8/14/2012 at 7:59:08 PMStartup Item NoLaunched No________________________________________________________Many UsersThousands of users in the Norton Community have used this file.____________________________MatureThis file was released 3 months ago.____________________________HighThis file risk is high.____________________________Threat DetailsThreat type: Spyware. Programs that actively track and send personal or confidential information to third parties.____________________________Source File:services.exe____________________________File ActionsFile: c:\windows\system32\services.exeNo fix attemptedInfected file: c:\windows\system32\services.exeManual removal required____________________________File Thumbprint - SHA:63541e3432fce953f266ae553e7a394978d6ee3db52388d885f668cf42c5e7e2____________________________File Thumbprint - MD5:014a9cb92514e27c0107614df764bc06____________________________ Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2012 ID:585864 Share Posted August 16, 2012 Welcome to the forum, please start at the link below:http://forums.malwar...?showtopic=9573Post back the 2 logs here.....DDS.txt and Attach.txt<====><====><====><====><====><====><====><====>Next.......Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller to your desktop.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.MrC Link to post Share on other sites More sharing options...
anm81 Posted August 16, 2012 Author ID:585889 Share Posted August 16, 2012 Here are the logs from the dot.com diagnostic: .DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421Run by Anthony at 18:58:14 on 2012-08-15Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6224 [GMT -6:00].AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exeC:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\WUDFHost.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exeC:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exeC:\Program Files\Apoint\Apoint.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Microsoft Device Center\itype.exeC:\Program Files\Microsoft Device Center\ipoint.exeC:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exeC:\Program Files (x86)\Winamp\winampa.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\Apoint\ApMsgFwd.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Apoint\Apvfb.exeC:\Windows\system32\conhost.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files\Sony\VAIO Care\collsvc.exeC:\Program Files\Sony\VAIO Care\listener.exeC:\Program Files\Sony\VAIO Care\VCsystray.exeC:\Program Files\Sony\VAIO Care\VCService.exeC:\Program Files\Sony\VAIO Care\VCAgent.exeC:\Windows\System32\vds.exeC:\Program Files\Sony\VAIO Care\Admload.exeC:\Program Files (x86)\Opera\opera.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\WSCStub.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNTBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dllBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLLBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dllTB: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllmRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartupmRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exemRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startupmPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllLSP: mswsock.dllDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabTCP: DhcpNameServer = 192.168.2.1TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DhcpNameServer = 208.180.42.100 208.180.42.68TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB} : DhcpNameServer = 192.168.2.1TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2516D6164616 : DhcpNameServer = 172.20.100.1TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2656C6B696E6E2732683 : DhcpNameServer = 192.168.2.1TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\3555444454E4C494E4B4E2E45445D253635453 : DhcpNameServer = 192.168.0.1TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\54E67456E6965737146344333334 : DhcpNameServer = 69.6.190.10 69.6.190.11Notify: VESWinlogon - VESWinlogon.dllBHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO-X64: HP Print Enhancer - No FileBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dllBHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dllBHO-X64: Norton Identity Protection - No FileBHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLLBHO-X64: Norton Vulnerability Protection - No FileBHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLLBHO-X64: URLRedirectionBHO - No FileBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllBHO-X64: HP Smart BHO Class - No FileTB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dllTB-X64: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dllEB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No FilemRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartupmRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exemRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\m6cyqaim.default\FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\Users\Anthony\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll.============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120815.002\IDSviA64.sys [2012-8-15 509088]R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13336]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-15 138272]R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-1-30 167424]R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-19 44736]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-5-21 401920]S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\system32\DRIVERS\hcw72ADFilter.sys --> C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [?]S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\system32\DRIVERS\hcw72ATV.sys --> C:\Windows\system32\DRIVERS\hcw72ATV.sys [?]S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\system32\DRIVERS\hcw72DTV.sys --> C:\Windows\system32\DRIVERS\hcw72DTV.sys [?]S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-23 166400]S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-23 128512]S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-6 1153368]S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888].=============== Created Last 30 ================.2012-08-15 16:00:19 -------- d-----w- C:\Program Files\Microsoft Device Center2012-08-15 15:59:38 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys2012-08-15 15:21:04 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys2012-08-15 15:21:04 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys2012-08-15 15:21:04 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys2012-08-15 15:21:04 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys2012-08-15 15:21:03 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys2012-08-15 15:21:03 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys2012-08-15 15:21:03 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys2012-08-15 15:20:42 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E2012-08-15 04:38:21 -------- d-----w- C:\NBRT2012-08-15 00:29:39 -------- d-----w- C:\Users\Anthony\AppData\Local\NPE2012-08-14 23:01:33 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys2012-08-12 17:06:56 -------- d-----w- C:\Users\Anthony\AppData\Local\Risen2012-08-12 16:37:40 -------- d-----w- C:\Program Files (x86)\Deep Silver2012-08-01 03:51:50 -------- d-----w- C:\Program Files (x86)\Microsoft Corporation2012-07-26 17:05:44 -------- d-----w- C:\Users\Anthony\AppData\Local\HRSToolbar.==================== Find3M ====================.2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll2012-07-03 19:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-06-27 03:38:30 46176 ----a-w- C:\Windows\System32\drivers\point64.sys2012-06-27 03:38:30 23648 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys2012-06-25 22:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll2012-06-17 00:35:57 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys2012-06-17 00:35:57 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys2012-06-06 14:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2012-05-28 13:09:04 52320 ----a-w- C:\Windows\System32\drivers\dc3d.sys2012-05-28 13:09:04 2168416 ----a-w- C:\Windows\System32\coin91.dll2012-05-19 16:08:01 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-05-19 16:08:01 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-05-19 16:00:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS.============= FINISH: 19:01:13.95 ===============attach.txtMicrosoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 11/1/2009 8:04:48 PMSystem Uptime: 8/15/2012 5:17:27 PM (2 hours ago).Motherboard: Sony Corporation | | VAIOProcessor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 290 GiB total, 159.123 GiB free.E: is RemovableF: is RemovableG: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.Adobe AIRAdobe Reader X (10.1.0)Adobe Shockwave Player 11.5Amazon Games & Software DownloaderAtheros Client Installation ProgramAURA Fate of the AgesBing HRS ToolbarBufferChmC4600Compatibility Pack for the 2007 Office systemCreative ZEN MX DocumentationDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDestinationsDeviceDiscoveryDragonsphereEpson Event ManagerEPSON ScanFile UploaderFree M4a to MP3 Converter 6.2Free WAV To MP3 Converter 2.1Free WMA to MP3 Converter 1.16Google ChromeGoogle EarthGoogle Update HelperGPBaseService2HP UpdateHPPhotoGadgethpPrintProjectsHPProductAssistanthpWLPGInstallerHTC BMP USB DriverHTC Driver InstallerHTC SyncIntel® Rapid Storage TechnologyJava Auto UpdaterMalwarebytes Anti-Malware version 1.62.0.1300MarketResearchMediaMonkey 3.2Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Visio MUI (English) 2007Microsoft Office Visio Professional 2007Microsoft Office Word MUI (English) 2010Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Move Media PlayerMozilla Firefox 14.0.1 (x86 en-US)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB973685)Nikon Message CenterNikon TransferNVIDIA PhysXOpera 12.00PS_AIO_05_C4600_Software_MinRarZilla Free UnrarrealMystRealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealtek High Definition Audio DriverRealUpgrade 1.1RisenRiven The sequel to MystScanSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553260) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589322) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft SharePoint Workspace 2010 (KB2566445)Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit EditionSmartWebPrintingSolutionCenterSpybot - Search & DestroyStatusText Twist 2 1.00ToolboxTrayAppUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553270) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553272) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598289) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2589345) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2553248) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionVAIO CareVAIO UpdateVU5x86Wav to Mp3WebRegWinampWinamp Detector Plug-inYahoo! Messenger.==== Event Viewer Messages From Past Week ========.8/15/2012 8:10:07 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.8/15/2012 5:53:12 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-21470248918/15/2012 5:53:12 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-21470248918/15/2012 5:17:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.8/15/2012 5:17:56 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.8/15/2012 5:17:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.8/15/2012 5:17:56 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.8/15/2012 5:17:56 PM, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.8/15/2012 10:08:37 AM, Error: Service Control Manager [7022] - The Intel® Sample Collector service hung on starting.8/15/2012 10:01:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596856).8/15/2012 1:28:59 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.8/14/2012 6:33:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.8/14/2012 6:33:54 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.8/14/2012 6:33:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.8/12/2012 7:37:01 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.8/10/2012 10:20:42 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR8..==== End Of File ===========================RogueKiller V7.6.6 [08/10/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Blog: http://tigzyrk.blogspot.comOperating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser: Anthony [Admin rights]Mode: Scan -- Date: 08/15/2012 19:13:06¤¤¤ Bad processes: 0 ¤¤¤¤¤¤ Registry Entries: 3 ¤¤¤[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\n.) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤[ZeroAccess][FILE] @ : c:\windows\installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\@ --> FOUND[ZeroAccess][FOLDER] U : c:\windows\installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\U --> FOUND[ZeroAccess][FOLDER] L : c:\windows\installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\L --> FOUND[ZeroAccess][FILE] @ : c:\users\anthony\appdata\local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\@ --> FOUND[ZeroAccess][FOLDER] U : c:\users\anthony\appdata\local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\U --> FOUND[ZeroAccess][FOLDER] L : c:\users\anthony\appdata\local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\L --> FOUND¤¤¤ Driver: [NOT LOADED] ¤¤¤¤¤¤ Infection : ZeroAccess ¤¤¤¤¤¤ HOSTS File: ¤¤¤¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: SAMSUNG HM320II +++++--- User ---[MBR] aaaa1486c449d57391cef53c1ec6feaa[bSP] f96d0e4853ed529bedf60ed08daf3644 : Windows 7 MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8093 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16576512 | Size: 100 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16781312 | Size: 297050 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1].txt >>RKreport[1].txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2012 ID:585892 Share Posted August 16, 2012 Here you go......Your computer is infected with a nasty rootkit. Please read the following information first.You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.BACKDOOR WARNING------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?http://www.dslreports.com/faq/10451When Should I Format, How Should I Reinstallhttp://www.dslreports.com/faq/10063I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.-----------------------------------------Please make sure system restore is running and create a new restore point before continuing!For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.<-------How to tell > 32 or 64 bitPlug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:services.exe[*]Now press the Search button[*]When the search is complete, search.txt will also be written to your USB[*]Type exit and reboot the computer normally[*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)MrC Link to post Share on other sites More sharing options...
anm81 Posted August 16, 2012 Author ID:585914 Share Posted August 16, 2012 Scan result of Farbar Recovery Scan Tool Version: 15-08-2012Ran by SYSTEM at 15-08-2012 19:37:43Running from F:\Windows 7 Home Premium (X64) OS Language: English(US)The current controlset is ControlSet002========================== Registry (Whitelisted) =============HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-23] (Realtek Semiconductor)HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-23] (Realtek Semiconductor Corp.)HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [165912 2012-05-19] (Intel Corporation)HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2012-05-19] (Intel Corporation)HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2012-05-19] (Intel Corporation)HKLM\...\Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)HKLM-x32\...\Run: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [79872 2009-08-26] (Sony Electronics Corporation)HKLM-x32\...\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317288 2009-05-26] (Sony Corporation)HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)HKLM-x32\...\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)HKU\Guest\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin [1475584 2010-11-20] (Microsoft Corporation)Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.2.1==================== Services (Whitelisted) ======3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)4 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()4 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-06-26] (Sonic Solutions)4 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-06-26] (Sonic Solutions)2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-09-02] (Realtek Semiconductor)2 SampleCollector; "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" [167424 2009-09-16] (Intel Corporation)4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)4 SOHDBSvr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-07-27] (Sony Corporation)4 SOHPlMgr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-07-27] (Sony Corporation)4 Symantec RemoteAssist; "C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe" [394704 2008-01-29] (Symantec, Inc.)4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)4 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-07-23] (Sony Corporation)4 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-07-23] (Sony Corporation)4 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [206336 2009-07-23] (Sony Corporation)========================== Drivers (Whitelisted) =============3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2012-06-16] ()1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [1385120 2012-08-10] (Symantec Corporation)1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-11] (Symantec Corporation)3 hcw72ADFilter; C:\Windows\System32\Drivers\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.)3 hcw72ATV; C:\Windows\System32\Drivers\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.)3 hcw72DTV; C:\Windows\System32\Drivers\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.)1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120815.002\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2012-06-16] ()3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120815.002\ENG64.SYS [120440 2012-08-15] (Symantec Corporation)3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120815.002\EX64.SYS [2068600 2012-08-15] (Symantec Corporation)2 rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [86528 2009-07-31] (REDC)2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)1 SRTSP; C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)1 SRTSPX; C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)0 SymDS; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMDS64.SYS [451192 2012-03-28] (Symantec Corporation)0 SymEFA; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-05-19] (Symantec Corporation)1 SymIRON; C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)1 SymNetS; C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)3 SYMFW; [x]3 SYMNDISV; [x]========================== NetSvcs (Whitelisted) ======================= One Month Created Files and Folders ==============2012-08-15 19:37 - 2012-08-15 19:37 - 00000000 ____D C:\FRST2012-08-15 17:13 - 2012-08-15 17:13 - 00002030 ____A C:\Users\Anthony\Desktop\RKreport[1].txt2012-08-15 17:11 - 2012-08-15 17:13 - 00000000 ____D C:\Users\Anthony\Desktop\RK_Quarantine2012-08-15 17:10 - 2012-08-15 17:10 - 01558528 ____A C:\Users\Anthony\Desktop\RogueKiller.exe2012-08-15 16:56 - 2012-08-15 16:56 - 00607260 ____R (Swearware) C:\Users\Anthony\Desktop\dds.com2012-08-15 08:00 - 2012-08-15 08:00 - 00000000 ____D C:\Program Files\Microsoft Device Center2012-08-15 07:59 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys2012-08-15 07:56 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-08-15 07:56 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-08-15 07:56 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2012-08-15 07:56 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-08-15 07:56 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-08-15 07:56 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2012-08-15 07:56 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-08-15 07:56 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-08-15 07:56 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2012-08-15 07:56 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2012-08-15 07:56 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2012-08-15 07:56 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-08-15 07:56 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-08-15 07:56 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-08-15 07:56 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-08-15 07:56 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-08-15 07:56 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2012-08-15 07:56 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-08-15 07:56 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-08-15 07:56 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2012-08-15 07:56 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-08-15 07:56 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-08-15 07:56 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2012-08-15 07:56 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2012-08-15 07:56 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-08-15 07:56 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-08-15 07:56 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-08-15 07:56 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2012-08-15 06:23 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2012-08-15 06:23 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll2012-08-15 06:23 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll2012-08-15 06:23 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll2012-08-15 06:23 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll2012-08-15 06:23 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll2012-08-15 06:23 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll2012-08-15 06:23 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll2012-08-15 06:23 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2012-08-15 06:23 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll2012-08-15 06:23 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe2012-08-15 06:23 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe2012-08-15 06:23 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll2012-08-14 20:38 - 2012-08-14 20:38 - 00000000 ____D C:\NBRT2012-08-14 16:29 - 2012-08-14 17:55 - 00000000 ____D C:\Users\Anthony\AppData\Local\NPE2012-08-14 15:01 - 2012-08-15 15:16 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys2012-08-12 09:06 - 2012-08-12 09:07 - 00000000 ____D C:\Users\Anthony\AppData\Local\Risen2012-08-12 08:37 - 2012-08-12 08:37 - 00000000 ____D C:\Program Files (x86)\Deep Silver2012-07-31 21:17 - 2012-07-31 21:17 - 00000000 ____D C:\Windows\Sun2012-07-31 19:51 - 2012-07-31 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Corporation2012-07-31 10:45 - 2012-07-31 10:45 - 00000025 ____A C:\Users\Anthony\Desktop\sharepoint.txt2012-07-26 09:05 - 2012-07-26 09:05 - 00000000 ____D C:\Users\Anthony\AppData\Local\HRSToolbar2012-07-25 18:24 - 2012-07-25 18:25 - 03287189 ____A C:\Users\Anthony\Downloads\Toolbar_v3.8.0.zip2012-07-20 10:15 - 2008-05-29 18:55 - 00000000 ____D C:\Users\Public\Downloads\Mazz - Los Temas Mas Inolvidables2012-07-19 22:38 - 2012-07-19 22:38 - 00000211 ____A C:\Users\Anthony\Desktop\lakdhg.txt2012-07-17 14:44 - 2012-08-05 13:12 - 00000028 ____A C:\Users\Anthony\Desktop\psswrd.txt2012-07-17 14:34 - 2012-07-17 14:34 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk2012-07-17 14:34 - 2012-07-17 14:34 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Mozilla============ 3 Months Modified Files ========================2012-08-15 17:33 - 2009-09-09 23:35 - 01250524 ____A C:\Windows\WindowsUpdate.log2012-08-15 17:13 - 2012-08-15 17:13 - 00002030 ____A C:\Users\Anthony\Desktop\RKreport[1].txt2012-08-15 17:10 - 2012-08-15 17:10 - 01558528 ____A C:\Users\Anthony\Desktop\RogueKiller.exe2012-08-15 16:56 - 2012-08-15 16:56 - 00607260 ____R (Swearware) C:\Users\Anthony\Desktop\dds.com2012-08-15 15:25 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-08-15 15:25 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-08-15 15:17 - 2012-05-19 09:19 - 00013383 ____A C:\Windows\setupact.log2012-08-15 15:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2012-08-15 15:16 - 2012-08-14 15:01 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys2012-08-15 14:27 - 2012-05-19 09:19 - 00034912 ____A C:\Windows\PFRO.log2012-08-15 08:24 - 2010-01-30 10:47 - 00000039 ____A C:\Windows\vbaddin.ini2012-08-15 08:04 - 2009-07-13 20:45 - 00474008 ____A C:\Windows\System32\FNTCACHE.DAT2012-08-15 07:54 - 2009-11-04 16:44 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2012-08-15 07:31 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI2012-08-15 07:26 - 2009-09-03 01:29 - 00002501 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk2012-08-12 08:42 - 2012-06-16 16:35 - 00032310 ____A C:\Windows\DirectX.log2012-08-05 13:12 - 2012-07-17 14:44 - 00000028 ____A C:\Users\Anthony\Desktop\psswrd.txt2012-07-31 10:45 - 2012-07-31 10:45 - 00000025 ____A C:\Users\Anthony\Desktop\sharepoint.txt2012-07-27 11:00 - 2012-02-07 18:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2012-07-25 18:25 - 2012-07-25 18:24 - 03287189 ____A C:\Users\Anthony\Downloads\Toolbar_v3.8.0.zip2012-07-19 22:38 - 2012-07-19 22:38 - 00000211 ____A C:\Users\Anthony\Desktop\lakdhg.txt2012-07-18 10:15 - 2012-08-15 06:23 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2012-07-17 14:34 - 2012-07-17 14:34 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk2012-07-10 14:15 - 2012-07-10 14:15 - 00264336 ____A C:\Windows\msxml4-KB2721691-enu.LOG2012-07-06 12:07 - 2012-08-15 07:59 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys2012-07-04 14:16 - 2012-08-15 06:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll2012-07-04 14:13 - 2012-08-15 06:23 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll2012-07-04 14:13 - 2012-08-15 06:23 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll2012-07-04 13:16 - 2012-08-15 06:23 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll2012-07-04 13:14 - 2012-08-15 06:23 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll2012-07-03 11:46 - 2012-02-07 18:15 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2012-06-28 20:55 - 2012-08-15 07:56 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-06-28 20:09 - 2012-08-15 07:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-06-28 19:56 - 2012-08-15 07:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2012-06-28 19:49 - 2012-08-15 07:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-06-28 19:49 - 2012-08-15 07:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-06-28 19:48 - 2012-08-15 07:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2012-06-28 19:47 - 2012-08-15 07:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-06-28 19:45 - 2012-08-15 07:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-06-28 19:44 - 2012-08-15 07:56 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2012-06-28 19:43 - 2012-08-15 07:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2012-06-28 19:42 - 2012-08-15 07:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2012-06-28 19:40 - 2012-08-15 07:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-06-28 19:39 - 2012-08-15 07:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-06-28 19:35 - 2012-08-15 07:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-06-28 16:52 - 2012-08-15 07:56 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-06-28 16:27 - 2012-08-15 07:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-06-28 16:16 - 2012-08-15 07:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2012-06-28 16:09 - 2012-08-15 07:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-06-28 16:09 - 2012-08-15 07:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-06-28 16:08 - 2012-08-15 07:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2012-06-28 16:07 - 2012-08-15 07:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-06-28 16:06 - 2012-08-15 07:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-06-28 16:04 - 2012-08-15 07:56 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2012-06-28 16:04 - 2012-08-15 07:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2012-06-28 16:01 - 2012-08-15 07:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-06-28 16:01 - 2012-08-15 07:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-06-28 16:00 - 2012-08-15 07:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-06-28 15:57 - 2012-08-15 07:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2012-06-26 19:38 - 2012-06-26 19:38 - 00046176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\point64.sys2012-06-26 19:38 - 2012-06-26 19:38 - 00023648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nuidfltr.sys2012-06-25 14:04 - 2012-06-25 14:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll2012-06-18 06:31 - 2009-11-01 16:53 - 00317425 ____N C:\Windows\Minidump\061812-38969-01.dmp2012-06-17 17:56 - 2012-06-17 17:56 - 00001082 ____A C:\Users\Public\Desktop\HTC Sync.lnk2012-06-17 17:54 - 2012-06-17 17:54 - 00017558 ____A C:\Windows\DPINST.LOG2012-06-17 13:53 - 2012-01-09 19:30 - 00007596 ____A C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg2012-06-16 16:35 - 2012-06-16 16:35 - 00314016 ____A C:\Windows\System32\Drivers\atksgt.sys2012-06-16 16:35 - 2012-06-16 16:35 - 00043680 ____A C:\Windows\System32\Drivers\lirsgt.sys2012-06-15 22:02 - 2012-06-15 22:02 - 00849056 ____A (Amazon Services LLC) C:\Users\Anthony\Downloads\Risen_Downloader.exe2012-06-14 13:32 - 2009-11-07 05:31 - 00000979 ____A C:\Users\Public\Desktop\Winamp.lnk2012-06-14 13:31 - 2012-06-14 13:31 - 12062848 ____A (Nullsoft, Inc.) C:\Users\Anthony\Downloads\winamp5623_pro_en-us.exe2012-06-08 21:43 - 2012-07-10 12:54 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll2012-06-08 20:41 - 2012-07-10 12:54 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2012-06-06 06:49 - 2012-06-06 06:49 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX2012-06-05 22:06 - 2012-07-10 12:54 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll2012-06-05 22:06 - 2012-07-10 12:54 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll2012-06-05 22:02 - 2012-07-10 12:54 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll2012-06-05 21:05 - 2012-07-10 12:54 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll2012-06-05 21:05 - 2012-07-10 12:54 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2012-06-05 21:03 - 2012-07-10 12:54 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll2012-06-02 14:19 - 2012-06-21 07:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2012-06-02 14:19 - 2012-06-21 07:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll2012-06-02 14:19 - 2012-06-21 07:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2012-06-02 14:19 - 2012-06-21 07:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll2012-06-02 14:19 - 2012-06-21 07:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll2012-06-02 14:15 - 2012-06-21 07:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll2012-06-02 14:15 - 2012-06-21 07:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll2012-06-02 14:00 - 2012-06-02 14:00 - 00010741 ____A C:\Users\Anthony\Documents\QuikPAY® Payment Receipt.htm2012-06-02 13:19 - 2012-06-21 07:13 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2012-06-02 13:15 - 2012-06-21 07:13 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe2012-06-01 21:50 - 2012-07-10 12:54 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys2012-06-01 21:48 - 2012-07-10 12:54 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2012-06-01 21:48 - 2012-07-10 12:54 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys2012-06-01 21:45 - 2012-07-10 12:54 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll2012-06-01 21:44 - 2012-07-10 12:54 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll2012-06-01 20:40 - 2012-07-10 12:54 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2012-06-01 20:40 - 2012-07-10 12:54 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2012-06-01 20:39 - 2012-07-10 12:54 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2012-06-01 20:34 - 2012-07-10 12:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2012-05-28 08:45 - 2012-05-19 12:12 - 00000000 ____A C:\Windows\Model.log2012-05-28 08:45 - 2010-01-30 11:18 - 00000022 ____A C:\Windows\Model.txt2012-05-28 05:09 - 2012-05-28 05:09 - 02168416 ____A (Microsoft Corporation) C:\Windows\System32\coin91.dll2012-05-28 05:09 - 2012-05-28 05:09 - 00052320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dc3d.sys2012-05-21 22:06 - 2012-05-21 22:06 - 00001079 ____A C:\Users\Anthony\Desktop\AURA Fate of the Ages.lnk2012-05-21 07:02 - 2012-05-18 22:04 - 00000268 ____A C:\Windows\QTW.ini2012-05-20 09:09 - 2012-05-20 09:09 - 00001529 ____A C:\Users\Anthony\Desktop\Riven - Shortcut.lnk2012-05-19 17:24 - 2012-05-19 17:23 - 00002153 ____A C:\RHDSetup.log2012-05-19 12:26 - 2009-08-18 15:26 - 00014338 ____A C:\Windows\System32\results.xml2012-05-19 12:23 - 2012-05-19 12:23 - 08095232 ____A (Intel Corporation) C:\Windows\System32\ig4icd64.dll2012-05-19 12:23 - 2012-05-19 12:23 - 07370176 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys2012-05-19 12:23 - 2012-05-19 12:23 - 06042112 ____A (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll2012-05-19 12:23 - 2012-05-19 12:23 - 05694976 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll2012-05-19 12:23 - 2012-05-19 12:23 - 05616640 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll2012-05-19 12:23 - 2012-05-19 12:23 - 05195776 ____A (Intel Corporation) C:\Windows\System32\ig4dev64.dll2012-05-19 12:23 - 2012-05-19 12:23 - 04233728 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll2012-05-19 12:23 - 2012-05-19 12:23 - 03839488 ____A (Intel Corporation) C:\Windows\SysWOW64\ig4dev32.dll2012-05-19 12:23 - 2012-05-19 12:23 - 03799040 ____A (Intel Corporation) C:\Windows\System32\igd10umd64.dll2012-05-19 12:23 - 2012-05-19 12:23 - 03646976 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll2012-05-19 12:23 - 2012-05-19 12:23 - 01991936 ____A C:\Windows\System32\iglhxa64.cpa2012-05-19 12:23 - 2012-05-19 12:23 - 01312768 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v1872.dll2012-05-19 12:23 - 2012-05-19 12:23 - 00845848 ____A (Intel Corporation) C:\Windows\System32\igfxcfg.exe2012-05-19 12:23 - 2012-05-19 12:23 - 00549888 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll2012-05-19 12:23 - 2012-05-19 12:23 - 00491032 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe2012-05-19 12:23 - 2012-05-19 12:23 - 00387608 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe2012-05-19 12:23 - 2012-05-19 12:23 - 00371712 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll2012-05-19 12:23 - 2012-05-19 12:23 - 00365592 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe2012-05-19 12:23 - 2012-05-19 12:23 - 00312832 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00306688 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00305664 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00305664 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00305152 ____A (Intel Corporation) C:\Windows\System32\igfxresp.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00301568 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00296960 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00293376 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00291328 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00290304 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00289792 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00284672 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00284672 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00284672 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00283136 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00282624 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00282112 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00281088 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00279552 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00278016 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00264704 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00254464 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00251904 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00246272 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll2012-05-19 12:23 - 2012-05-19 12:23 - 00217088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll2012-05-19 12:23 - 2012-05-19 12:23 - 00215576 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe2012-05-19 12:23 - 2012-05-19 12:23 - 00208896 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00207360 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00181760 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00180224 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc2012-05-19 12:23 - 2012-05-19 12:23 - 00165912 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe2012-05-19 12:23 - 2012-05-19 12:23 - 00142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll2012-05-19 12:23 - 2012-05-19 12:23 - 00125952 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl2012-05-19 12:23 - 2012-05-19 12:23 - 00106008 ____A (Intel Corporation) C:\Windows\System32\difx64.exe2012-05-19 12:23 - 2012-05-19 12:23 - 00059484 ____A C:\Windows\System32\iglhxc64.vp2012-05-19 12:23 - 2012-05-19 12:23 - 00059392 ____A (Intel Corporation) C:\Windows\SysWOW64\oemdspif.dll2012-05-19 12:23 - 2012-05-19 12:23 - 00059315 ____A C:\Windows\System32\iglhxo64.vp2012-05-19 12:23 - 2012-05-19 12:23 - 00058840 ____A C:\Windows\System32\iglhxg64.vp2012-05-19 12:23 - 2012-05-19 12:23 - 00027648 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll2012-05-19 12:23 - 2012-05-19 12:23 - 00004448 ____A C:\Windows\System32\iglhxs64.vp2012-05-19 12:23 - 2012-05-19 12:23 - 00001090 ____A C:\Windows\System32\iglhxa64.vp2012-05-19 12:23 - 2009-08-18 15:46 - 00259584 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll2012-05-19 12:23 - 2009-08-18 15:46 - 00108544 ____A (Intel Corporation) C:\Windows\System32\hccutils.dll2012-05-19 12:23 - 2009-08-18 15:46 - 00055808 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.dll2012-05-19 12:23 - 2009-08-18 15:18 - 01002008 ____A (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe2012-05-19 09:19 - 2012-05-19 09:19 - 00000000 ____A C:\Windows\setuperr.log2012-05-19 08:30 - 2012-05-19 08:30 - 00035258 ____A C:\test.xml2012-05-19 08:08 - 2012-03-31 05:31 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2012-05-19 08:08 - 2011-06-15 22:07 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2012-05-19 08:00 - 2009-11-03 03:56 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS2012-05-19 08:00 - 2009-11-03 03:56 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CATZeroAccess:C:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}C:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\@C:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\LC:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\UC:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\U\80000064.@ZeroAccess:C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\@C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\LC:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\U========================= Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check ============C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK========================= Memory info ======================Percentage of memory in use: 9%Total physical RAM: 8031.02 MBAvailable physical RAM: 7247.45 MBTotal Pagefile: 8029.17 MBAvailable Pagefile: 7245.11 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.9 MB======================= Partitions =========================1 Drive c: () (Fixed) (Total:290.09 GB) (Free:158.58 GB) NTFS2 Drive e: (Recovery) (Fixed) (Total:7.9 GB) (Free:0.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]3 Drive f: (Aug 15 2012) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]Disk ### Status Size Free Dyn Gpt-------- ------------- ------- ------- --- ---Disk 0 Online 298 GB 0 BPartitions of Disk 0:===============Partition ### Type Size Offset------------- ---------------- ------- -------Partition 1 Recovery 8093 MB 1024 KBPartition 2 Primary 100 MB 8094 MBPartition 3 Primary 290 GB 8 GB==================================================================================Disk: 0Partition 1Type : 27Hidden: YesActive: NoVolume ### Ltr Label Fs Type Size Status Info---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 E Recovery NTFS Partition 8093 MB Healthy Hidden==================================================================================Disk: 0Partition 2Type : 07Hidden: NoActive: YesVolume ### Ltr Label Fs Type Size Status Info---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 Y System Rese NTFS Partition 100 MB Healthy==================================================================================Disk: 0Partition 3Type : 07Hidden: NoActive: NoVolume ### Ltr Label Fs Type Size Status Info---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 C NTFS Partition 290 GB Healthy==================================================================================Last Boot: 2012-08-08 11:43======================= End Of Log ==========================Farbar Recovery Scan Tool Version: 15-08-2012Ran by SYSTEM at 2012-08-15 19:39:37Running from F:\================== Search: "services.exe" ===================C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\System32\services.exe[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\ERDNT\cache64\services.exe[2012-02-06 12:51] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB====== End Of Search ====== Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2012 ID:585916 Share Posted August 16, 2012 OK, here you go......Please carefully carry out this procedure!!!!!!Please download the attached fixlist.txt and copy it to your flashdrive.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options. (as you did before)Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.MrC Link to post Share on other sites More sharing options...
anm81 Posted August 16, 2012 Author ID:585926 Share Posted August 16, 2012 Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012Ran by SYSTEM at 2012-08-15 20:30:01 Run:1Running from F:\==============================================C:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd} moved successfully.C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd} moved successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2012 ID:586017 Share Posted August 16, 2012 Well Done, lets run ComboFix to clear up any leftovers.Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
anm81 Posted August 16, 2012 Author ID:586108 Share Posted August 16, 2012 ComboFix 12-08-16.01 - Anthony 08/16/2012 8:41.2.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6371 [GMT -6:00]Running from: c:\users\Anthony\Desktop\ComboFix.exeAV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Deep Silver\Risen\bin\Dialogs.dllc:\program files (x86)\Deep Silver\Risen\bin\FFC.dllc:\program files (x86)\Deep Silver\Risen\bin\FFCore.dllc:\program files (x86)\Deep Silver\Risen\bin\FileSystem2.dllc:\program files (x86)\Deep Silver\Risen\bin\GUI2.dllc:\program files (x86)\Deep Silver\Risen\bin\Music.dllc:\program files (x86)\Deep Silver\Risen\bin\Risen.exec:\program files (x86)\Deep Silver\Risen\bin\SCM.dllc:\program files (x86)\Deep Silver\Risen\bin\SharedBase.dll..((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))..2012-08-16 14:51 . 2012-08-16 14:54 -------- d-----w- c:\users\Anthony\AppData\Local\temp2012-08-16 14:51 . 2012-08-16 14:51 -------- d-----w- c:\users\Public\AppData\Local\temp2012-08-16 14:51 . 2012-08-16 14:51 -------- d-----w- c:\users\Guest\AppData\Local\temp2012-08-16 14:51 . 2012-08-16 14:51 -------- d-----w- c:\users\Default\AppData\Local\temp2012-08-16 03:37 . 2012-08-16 03:37 -------- d-----w- C:\FRST2012-08-15 16:00 . 2012-08-15 16:00 -------- d-----w- c:\program files\Microsoft Device Center2012-08-15 15:59 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys2012-08-15 15:20 . 2012-08-15 19:29 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E2012-08-15 04:38 . 2012-08-15 04:38 -------- d-----w- C:\NBRT2012-08-15 00:29 . 2012-08-15 01:55 -------- d-----w- c:\users\Anthony\AppData\Local\NPE2012-08-14 23:01 . 2012-08-15 23:16 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys2012-08-12 17:06 . 2012-08-12 17:07 -------- d-----w- c:\users\Anthony\AppData\Local\Risen2012-08-12 16:37 . 2012-08-12 16:37 -------- d-----w- c:\program files (x86)\Deep Silver2012-08-01 05:17 . 2012-08-01 05:17 -------- d-----w- c:\windows\Sun2012-08-01 03:51 . 2012-08-01 03:51 -------- d-----w- c:\program files (x86)\Microsoft Corporation2012-07-26 17:05 . 2012-07-26 17:05 -------- d-----w- c:\users\Anthony\AppData\Local\HRSToolbar...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-08-03 10:27 . 2009-11-05 00:44 62134624 ----a-w- c:\windows\system32\MRT.exe2012-07-03 19:46 . 2012-02-08 02:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-27 03:38 . 2012-06-27 03:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys2012-06-27 03:38 . 2012-06-27 03:38 23648 ----a-w- c:\windows\system32\drivers\nuidfltr.sys2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll2012-06-17 00:35 . 2012-06-17 00:35 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys2012-06-17 00:35 . 2012-06-17 00:35 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys2012-06-09 05:43 . 2012-07-10 20:54 14172672 ----a-w- c:\windows\system32\shell32.dll2012-06-06 14:49 . 2012-06-06 14:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX2012-06-06 06:06 . 2012-07-10 20:54 2004480 ----a-w- c:\windows\system32\msxml6.dll2012-06-06 06:06 . 2012-07-10 20:54 1881600 ----a-w- c:\windows\system32\msxml3.dll2012-06-06 06:02 . 2012-07-10 20:54 1133568 ----a-w- c:\windows\system32\cdosys.dll2012-06-06 05:05 . 2012-07-10 20:54 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll2012-06-06 05:05 . 2012-07-10 20:54 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll2012-06-06 05:03 . 2012-07-10 20:54 805376 ----a-w- c:\windows\SysWow64\cdosys.dll2012-06-02 22:19 . 2012-06-21 15:14 38424 ----a-w- c:\windows\system32\wups.dll2012-06-02 22:19 . 2012-06-21 15:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 22:19 . 2012-06-21 15:14 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 22:19 . 2012-06-21 15:14 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-02 22:19 . 2012-06-21 15:14 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 22:15 . 2012-06-21 15:14 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:15 . 2012-06-21 15:14 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 21:19 . 2012-06-21 15:13 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 21:15 . 2012-06-21 15:13 36864 ----a-w- c:\windows\system32\wuapp.exe2012-06-02 05:50 . 2012-07-10 20:54 458704 ----a-w- c:\windows\system32\drivers\cng.sys2012-06-02 05:48 . 2012-07-10 20:54 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-06-02 05:48 . 2012-07-10 20:54 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys2012-06-02 05:45 . 2012-07-10 20:54 340992 ----a-w- c:\windows\system32\schannel.dll2012-06-02 05:44 . 2012-07-10 20:54 307200 ----a-w- c:\windows\system32\ncrypt.dll2012-06-02 04:40 . 2012-07-10 20:54 22016 ----a-w- c:\windows\SysWow64\secur32.dll2012-06-02 04:40 . 2012-07-10 20:54 225280 ----a-w- c:\windows\SysWow64\schannel.dll2012-06-02 04:39 . 2012-07-10 20:54 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll2012-06-02 04:34 . 2012-07-10 20:54 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2012-05-28 13:09 . 2012-05-28 13:09 52320 ----a-w- c:\windows\system32\drivers\dc3d.sys2012-05-28 13:09 . 2012-05-28 13:09 2168416 ----a-w- c:\windows\system32\coin91.dll2012-05-19 20:23 . 2012-05-19 20:23 845848 ----a-w- c:\windows\system32\igfxcfg.exe2012-05-19 20:23 . 2012-05-19 20:23 8095232 ----a-w- c:\windows\system32\ig4icd64.dll2012-05-19 20:23 . 2012-05-19 20:23 7370176 ----a-w- c:\windows\system32\drivers\igdkmd64.sys2012-05-19 20:23 . 2012-05-19 20:23 6042112 ----a-w- c:\windows\SysWow64\ig4icd32.dll2012-05-19 20:23 . 2012-05-19 20:23 59392 ----a-w- c:\windows\SysWow64\oemdspif.dll2012-05-19 20:23 . 2012-05-19 20:23 5694976 ----a-w- c:\windows\system32\igfxress.dll2012-05-19 20:23 . 2012-05-19 20:23 5616640 ----a-w- c:\windows\system32\igdumd64.dll2012-05-19 20:23 . 2012-05-19 20:23 549888 ----a-w- c:\windows\SysWow64\igdumdx32.dll2012-05-19 20:23 . 2012-05-19 20:23 5195776 ----a-w- c:\windows\system32\ig4dev64.dll2012-05-19 20:23 . 2012-05-19 20:23 491032 ----a-w- c:\windows\system32\igfxsrvc.exe2012-05-19 20:23 . 2012-05-19 20:23 4233728 ----a-w- c:\windows\SysWow64\igdumd32.dll2012-05-19 20:23 . 2012-05-19 20:23 387608 ----a-w- c:\windows\system32\hkcmd.exe2012-05-19 20:23 . 2012-05-19 20:23 3839488 ----a-w- c:\windows\SysWow64\ig4dev32.dll2012-05-19 20:23 . 2012-05-19 20:23 3799040 ----a-w- c:\windows\system32\igd10umd64.dll2012-05-19 20:23 . 2012-05-19 20:23 371712 ----a-w- c:\windows\system32\igfxTMM.dll2012-05-19 20:23 . 2012-05-19 20:23 365592 ----a-w- c:\windows\system32\igfxpers.exe2012-05-19 20:23 . 2012-05-19 20:23 3646976 ----a-w- c:\windows\SysWow64\igd10umd32.dll2012-05-19 20:23 . 2012-05-19 20:23 312832 ----a-w- c:\windows\system32\igfxrell.lrc2012-05-19 20:23 . 2012-05-19 20:23 306688 ----a-w- c:\windows\system32\igfxrita.lrc2012-05-19 20:23 . 2012-05-19 20:23 305664 ----a-w- c:\windows\system32\igfxrfra.lrc2012-05-19 20:23 . 2012-05-19 20:23 305664 ----a-w- c:\windows\system32\igfxrdeu.lrc2012-05-19 20:23 . 2012-05-19 20:23 305152 ----a-w- c:\windows\system32\igfxresp.lrc2012-05-19 20:23 . 2012-05-19 20:23 301568 ----a-w- c:\windows\system32\igfxrnld.lrc2012-05-19 20:23 . 2012-05-19 20:23 296960 ----a-w- c:\windows\system32\igfxrptg.lrc2012-05-19 20:23 . 2012-05-19 20:23 293376 ----a-w- c:\windows\system32\igfxrrus.lrc2012-05-19 20:23 . 2012-05-19 20:23 291328 ----a-w- c:\windows\system32\igfxrptb.lrc2012-05-19 20:23 . 2012-05-19 20:23 290304 ----a-w- c:\windows\system32\igfxrhun.lrc2012-05-19 20:23 . 2012-05-19 20:23 289792 ----a-w- c:\windows\system32\igfxrplk.lrc2012-05-19 20:23 . 2012-05-19 20:23 284672 ----a-w- c:\windows\system32\igfxrsve.lrc2012-05-19 20:23 . 2012-05-19 20:23 284672 ----a-w- c:\windows\system32\igfxrsky.lrc2012-05-19 20:23 . 2012-05-19 20:23 284672 ----a-w- c:\windows\system32\igfxrcsy.lrc2012-05-19 20:23 . 2012-05-19 20:23 283136 ----a-w- c:\windows\system32\igfxrfin.lrc2012-05-19 20:23 . 2012-05-19 20:23 282624 ----a-w- c:\windows\system32\igfxrdan.lrc2012-05-19 20:23 . 2012-05-19 20:23 282112 ----a-w- c:\windows\system32\igfxrnor.lrc2012-05-19 20:23 . 2012-05-19 20:23 281088 ----a-w- c:\windows\system32\igfxrtrk.lrc2012-05-19 20:23 . 2012-05-19 20:23 279552 ----a-w- c:\windows\system32\igfxrslv.lrc2012-05-19 20:23 . 2012-05-19 20:23 278016 ----a-w- c:\windows\system32\igfxrenu.lrc2012-05-19 20:23 . 2012-05-19 20:23 27648 ----a-w- c:\windows\system32\igfxexps.dll2012-05-19 20:23 . 2012-05-19 20:23 264704 ----a-w- c:\windows\system32\igfxrtha.lrc2012-05-19 20:23 . 2012-05-19 20:23 254464 ----a-w- c:\windows\system32\igfxrara.lrc2012-05-19 20:23 . 2012-05-19 20:23 251904 ----a-w- c:\windows\system32\igfxrheb.lrc2012-05-19 20:23 . 2012-05-19 20:23 246272 ----a-w- c:\windows\system32\igfxpph.dll2012-05-19 20:23 . 2012-05-19 20:23 217088 ----a-w- c:\windows\SysWow64\igfxdv32.dll2012-05-19 20:23 . 2012-05-19 20:23 215576 ----a-w- c:\windows\system32\igfxext.exe2012-05-19 20:23 . 2012-05-19 20:23 208896 ----a-w- c:\windows\system32\igfxrjpn.lrc2012-05-19 20:23 . 2012-05-19 20:23 207360 ----a-w- c:\windows\system32\igfxrkor.lrc2012-05-19 20:23 . 2012-05-19 20:23 181760 ----a-w- c:\windows\system32\igfxrcht.lrc2012-05-19 20:23 . 2012-05-19 20:23 180224 ----a-w- c:\windows\system32\igfxrchs.lrc2012-05-19 20:23 . 2012-05-19 20:23 165912 ----a-w- c:\windows\system32\igfxtray.exe2012-05-19 20:23 . 2012-05-19 20:23 142336 ----a-w- c:\windows\system32\igfxdo.dll2012-05-19 20:23 . 2012-05-19 20:23 1312768 ----a-w- c:\windows\system32\igfxCoIn_v1872.dll2012-05-19 20:23 . 2012-05-19 20:23 125952 ----a-w- c:\windows\system32\igfxcpl.cpl2012-05-19 20:23 . 2012-05-19 20:23 106008 ----a-w- c:\windows\system32\difx64.exe2012-05-19 20:23 . 2009-08-18 23:46 55808 ----a-w- c:\windows\system32\igfxsrvc.dll2012-05-19 20:23 . 2009-08-18 23:46 259584 ----a-w- c:\windows\system32\igfxdev.dll2012-05-19 20:23 . 2009-08-18 23:46 108544 ----a-w- c:\windows\system32\hccutils.dll2012-05-19 20:23 . 2009-08-18 23:18 1002008 ----a-w- c:\windows\SysWow64\igxpun.exe2012-05-19 16:08 . 2012-03-31 13:31 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-05-19 16:08 . 2011-06-16 06:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-05-19 16:00 . 2009-11-03 11:56 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775d}]2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{c9a6357b-25cc-4bcf-96c1-78736985d414}"= "mscoree.dll" [2010-11-05 297808].[HKEY_CLASSES_ROOT\clsid\{c9a6357b-25cc-4bcf-96c1-78736985d414}][HKEY_CLASSES_ROOT\Microsoft.Search.HRSToolBar.HRSToolbar].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll.2;2 SampleCollector;Intel® Sample Collector [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2010-04-23 38656]R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2010-04-23 1631488]R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2010-04-23 1634176]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]R3 SYMNDISV;Symantec Network Filter Driver; [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1255736]R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 133104]R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 133104]R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]R4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]R4 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]R4 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2012-03-29 451192]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120815.002\IDSvia64.sys [2012-06-14 509088]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-03 189984]S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-12 138912]S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 08:28].2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 08:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-19 165912]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-19 387608]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-19 365592]"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNTmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.2.1FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\m6cyqaim.default\.- - - - ORPHANS REMOVED - - - -.SafeBoot-85453673.sysAddRemove-Riven The sequel to Myst_is1 - c:\program files (x86)\GOG.com\Riven\unins000.exe...[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NIS]"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"--.[HKEY_LOCAL_MACHINE\system\ControlSet002\services\SampleCollector]"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\"".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\Sony\VAIO Care\listener.exe.**************************************************************************.Completion time: 2012-08-16 09:03:13 - machine was rebootedComboFix-quarantined-files.txt 2012-08-16 15:03.Pre-Run: 169,781,456,896 bytes freePost-Run: 170,654,294,016 bytes free.- - End Of File - - 185D91755410EAB93F8E18940DFD4ADA Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2012 ID:586117 Share Posted August 16, 2012 Looks Good.....Please Update and run a Quick Scan with MBAM, post the report.Make sure that everything is checked, and click Remove Selected.Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
anm81 Posted August 16, 2012 Author ID:586206 Share Posted August 16, 2012 Nothing detected by Malwarebytes: Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.08.15.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Anthony :: ANTHONY-VAIO [administrator]8/16/2012 10:01:50 AMmbam-log-2012-08-16 (10-01-50).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 630605Time elapsed: 3 hour(s), 8 minute(s), 18 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)However, Symantec did detect another bug during a routine scan:Full Path: c:\frst\quarantine\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\u\80000064.@Threat: Trojan.Gen________________________________________________________On computers as of Not AvailableLast Used 8/16/2012 at 12:44:32 PMStartup Item NoLaunched No________________________________________________________UnknownNumber of users in the Norton Community that have used this file: Unknown____________________________UnknownThis file release is currently not known.____________________________HighThis file risk is high.____________________________Threat DetailsThreat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.________________________________________________________File ActionsFile: c:\frst\quarantine\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\u\80000064.@Removed____________________________File Thumbprint - SHA:4290647695683b021db3fd232fecdafb47b909e2ca0839a20a3a0c1c70f9ef63____________________________File Thumbprint - MD5:0115e9a964729df77d53362cf4e39886____________________________My PC is running slower than before. Programs either lag or completely freeze when loading.I did another DDS.com scan. Here are the logs:DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421Run by Anthony at 13:29:29 on 2012-08-16Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.4406 [GMT -6:00].AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exeC:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\WUDFHost.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskhost.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exeC:\Program Files\Apoint\Apoint.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Microsoft Device Center\itype.exeC:\Program Files\Microsoft Device Center\ipoint.exeC:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exeC:\Program Files (x86)\Winamp\winampa.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\Apoint\ApMsgFwd.exeC:\Program Files\Apoint\Apvfb.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exeC:\Windows\system32\conhost.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exeC:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files\Sony\VAIO Care\collsvc.exeC:\Program Files\Sony\VAIO Care\listener.exeC:\Program Files\Sony\VAIO Care\VCsystray.exeC:\Program Files\Sony\VAIO Care\VCService.exeC:\Program Files\Sony\VAIO Care\VCAgent.exeC:\Windows\System32\vds.exeC:\Program Files\Sony\VAIO Care\Admload.exeC:\Program Files (x86)\Opera\opera.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNTBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dllBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLLBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dllTB: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllmRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartupmRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exemRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startupmPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabTCP: DhcpNameServer = 192.168.2.1TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DhcpNameServer = 208.180.42.100 208.180.42.68TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB} : DhcpNameServer = 192.168.2.1TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2516D6164616 : DhcpNameServer = 172.20.100.1TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2656C6B696E6E2732683 : DhcpNameServer = 192.168.2.1TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\3555444454E4C494E4B4E2E45445D253635453 : DhcpNameServer = 192.168.0.1TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\54E67456E6965737146344333334 : DhcpNameServer = 69.6.190.10 69.6.190.11Notify: VESWinlogon - VESWinlogon.dllBHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO-X64: HP Print Enhancer - No FileBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dllBHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dllBHO-X64: Norton Identity Protection - No FileBHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLLBHO-X64: Norton Vulnerability Protection - No FileBHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLLBHO-X64: URLRedirectionBHO - No FileBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllBHO-X64: HP Smart BHO Class - No FileTB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dllTB-X64: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dllEB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No FilemRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartupmRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exemRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\m6cyqaim.default\FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\Users\Anthony\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll.============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120815.002\IDSviA64.sys [2012-8-15 509088]R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13336]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-15 138272]R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-1-30 167424]R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-19 44736]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-5-21 401920]S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\system32\DRIVERS\hcw72ADFilter.sys --> C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [?]S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\system32\DRIVERS\hcw72ATV.sys --> C:\Windows\system32\DRIVERS\hcw72ATV.sys [?]S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\system32\DRIVERS\hcw72DTV.sys --> C:\Windows\system32\DRIVERS\hcw72DTV.sys [?]S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-23 166400]S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-23 128512]S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-6 1153368]S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888].=============== Created Last 30 ================.2012-08-16 15:10:47 -------- d-sh--w- C:\$RECYCLE.BIN2012-08-16 15:03:15 -------- d-----w- C:\Users\Anthony\AppData\Local\temp2012-08-16 14:39:01 -------- d-----w- C:\ComboFix2012-08-16 03:37:09 -------- d-----w- C:\FRST2012-08-15 16:00:19 -------- d-----w- C:\Program Files\Microsoft Device Center2012-08-15 15:59:38 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys2012-08-15 15:21:04 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys2012-08-15 15:21:04 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys2012-08-15 15:21:04 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys2012-08-15 15:21:04 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys2012-08-15 15:21:03 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys2012-08-15 15:21:03 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys2012-08-15 15:21:03 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys2012-08-15 15:20:42 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E2012-08-15 04:38:21 -------- d-----w- C:\NBRT2012-08-15 00:29:39 -------- d-----w- C:\Users\Anthony\AppData\Local\NPE2012-08-14 23:01:33 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys2012-08-12 17:06:56 -------- d-----w- C:\Users\Anthony\AppData\Local\Risen2012-08-12 16:37:40 -------- d-----w- C:\Program Files (x86)\Deep Silver2012-08-01 03:51:50 -------- d-----w- C:\Program Files (x86)\Microsoft Corporation2012-07-26 17:05:44 -------- d-----w- C:\Users\Anthony\AppData\Local\HRSToolbar.==================== Find3M ====================.2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll2012-07-03 19:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-06-27 03:38:30 46176 ----a-w- C:\Windows\System32\drivers\point64.sys2012-06-27 03:38:30 23648 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys2012-06-25 22:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll2012-06-17 00:35:57 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys2012-06-17 00:35:57 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys2012-06-06 14:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2012-05-28 13:09:04 52320 ----a-w- C:\Windows\System32\drivers\dc3d.sys2012-05-28 13:09:04 2168416 ----a-w- C:\Windows\System32\coin91.dll2012-05-19 16:08:01 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-05-19 16:08:01 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-05-19 16:00:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS.============= FINISH: 13:32:45.09 ===============UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 11/1/2009 8:04:48 PMSystem Uptime: 8/16/2012 9:09:46 AM (4 hours ago).Motherboard: Sony Corporation | | VAIOProcessor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 290 GiB total, 158.975 GiB free.E: is RemovableF: is RemovableG: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.Adobe AIRAdobe Reader X (10.1.0)Adobe Shockwave Player 11.5Amazon Games & Software DownloaderAtheros Client Installation ProgramAURA Fate of the AgesBing HRS ToolbarBufferChmC4600Compatibility Pack for the 2007 Office systemCreative ZEN MX DocumentationDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDestinationsDeviceDiscoveryDragonsphereEpson Event ManagerEPSON ScanFile UploaderFree M4a to MP3 Converter 6.2Free WAV To MP3 Converter 2.1Free WMA to MP3 Converter 1.16Google ChromeGoogle EarthGoogle Update HelperGPBaseService2HP UpdateHPPhotoGadgethpPrintProjectsHPProductAssistanthpWLPGInstallerHTC BMP USB DriverHTC Driver InstallerHTC SyncIntel® Rapid Storage TechnologyJava Auto UpdaterMalwarebytes Anti-Malware version 1.62.0.1300MarketResearchMediaMonkey 3.2Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Visio MUI (English) 2007Microsoft Office Visio Professional 2007Microsoft Office Word MUI (English) 2010Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Move Media PlayerMozilla Firefox 14.0.1 (x86 en-US)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB973685)Nikon Message CenterNikon TransferNVIDIA PhysXOpera 12.00PS_AIO_05_C4600_Software_MinRarZilla Free UnrarrealMystRealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealtek High Definition Audio DriverRealUpgrade 1.1RisenRiven The sequel to MystScanSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553260) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589322) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft SharePoint Workspace 2010 (KB2566445)Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit EditionSmartWebPrintingSolutionCenterSpybot - Search & DestroyStatusText Twist 2 1.00ToolboxTrayAppUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553270) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553272) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598289) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2589345) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2553248) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionVAIO CareVAIO UpdateVU5x86Wav to Mp3WebRegWinampWinamp Detector Plug-inYahoo! Messenger.==== Event Viewer Messages From Past Week ========.8/16/2012 9:10:25 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.8/16/2012 9:10:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.8/16/2012 9:10:22 AM, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.8/16/2012 9:01:31 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.8/16/2012 8:57:55 AM, Error: Service Control Manager [7022] - The Intel® Sample Collector service hung on starting.8/16/2012 8:52:49 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.8/16/2012 8:51:31 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.8/16/2012 8:50:28 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.8/16/2012 8:41:42 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.8/16/2012 8:32:32 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).8/16/2012 8:32:32 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).8/16/2012 8:20:57 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-21470248918/16/2012 8:20:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-21470248918/16/2012 8:16:54 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..8/15/2012 8:27:17 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread8/15/2012 11:11:20 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.8/15/2012 11:11:20 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.8/15/2012 11:09:37 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.8/15/2012 11:09:37 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.8/15/2012 10:16:45 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.8/15/2012 10:16:43 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.8/15/2012 10:16:43 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.8/15/2012 10:01:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596856).8/14/2012 6:33:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.8/14/2012 6:33:54 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.8/14/2012 6:33:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.8/10/2012 10:20:42 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR8..==== End Of File ===========================Just wanting to make sure if there's anything else out of the ordinary or that my system probably just needs to be optimized. Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2012 ID:586207 Share Posted August 16, 2012 Full Path: c:\frst\quarantine\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\u\80000064.@That's OK, it's already in quarantine.~~~~~~~~~~~~~~~~~~~~A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)---------------------------------Please download OTL from one of the links below: (you may already have OTL on the system)http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.comhttp://www.itxassociates.com/OT-Tools/OTL.exeSave it to your desktop.Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
anm81 Posted August 16, 2012 Author ID:586271 Share Posted August 16, 2012 System running smoothly once again. Thanks for all your assistance. Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2012 ID:586275 Share Posted August 16, 2012 OK...Take Care MrC Link to post Share on other sites More sharing options...
LDTate Posted August 17, 2012 ID:586471 Share Posted August 17, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts