Jump to content

trojan.zeroaccess!inf infection


Recommended Posts

Symantec gave me a warning of a trojan.zeroaccess!inf but was unable to remove it. This particular bug apparently installs new malware on the PC even after running various anti-malware programs to rid of the previous malware.

I am using Windows 7 Home Prem. 64-bit SP1 with Intel Core 2 Duo processor t6600 2.2 GHz (each)

[sony VAIO - VGN-NW270F ]

Link to post
Share on other sites

Full Path: c:\windows\system32\services.exe

Threat: Trojan.Zeroaccess!inf4

____________________________

____________________________

On computers as of 8/14/2012 at 4:57:30 PM

Last Used 8/15/2012 at 8:22:26 AM

Startup Item No

Launched No

____________________________

____________________________

Many Users

Thousands of users in the Norton Community have used this file.

____________________________

Mature

This file was released 3 months ago.

____________________________

High

This file risk is high.

____________________________

Threat Details

Threat type: Spyware. Programs that actively track and send personal or confidential information to third parties.

____________________________

Source File:

services.exe

____________________________

File Actions

Infected file: c:\windows\system32\services.exe

Manual removal required

____________________________

File Thumbprint - SHA:

63541e3432fce953f266ae553e7a394978d6ee3db52388d885f668cf42c5e7e2

____________________________

File Thumbprint - MD5:

014a9cb92514e27c0107614df764bc06

____________________________

Full Path: c:\windows\system32\services.exe

Threat: Trojan.Zeroaccess!inf4

____________________________

____________________________

On computers as of 8/14/2012 at 7:57:07 PM

Last Used 8/14/2012 at 7:59:08 PM

Startup Item No

Launched No

____________________________

____________________________

Many Users

Thousands of users in the Norton Community have used this file.

____________________________

Mature

This file was released 3 months ago.

____________________________

High

This file risk is high.

____________________________

Threat Details

Threat type: Spyware. Programs that actively track and send personal or confidential information to third parties.

____________________________

Source File:

services.exe

____________________________

File Actions

File: c:\windows\system32\services.exe

No fix attempted

Infected file: c:\windows\system32\services.exe

Manual removal required

____________________________

File Thumbprint - SHA:

63541e3432fce953f266ae553e7a394978d6ee3db52388d885f668cf42c5e7e2

____________________________

File Thumbprint - MD5:

014a9cb92514e27c0107614df764bc06

____________________________

Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

Here are the logs from the dot.com diagnostic:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Anthony at 18:58:14 on 2012-08-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6224 [GMT -6:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Apoint\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Device Center\itype.exe

C:\Program Files\Microsoft Device Center\ipoint.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Sony\VAIO Care\collsvc.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Program Files\Sony\VAIO Care\Admload.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\WSCStub.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DhcpNameServer = 208.180.42.100 208.180.42.68

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2516D6164616 : DhcpNameServer = 172.20.100.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2656C6B696E6E2732683 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\3555444454E4C494E4B4E2E45445D253635453 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\54E67456E6965737146344333334 : DhcpNameServer = 69.6.190.10 69.6.190.11

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dll

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB-X64: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\m6cyqaim.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Anthony\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120815.002\IDSviA64.sys [2012-8-15 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13336]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-15 138272]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]

R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]

R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-1-30 167424]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-19 44736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-5-21 401920]

S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\system32\DRIVERS\hcw72ADFilter.sys --> C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [?]

S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\system32\DRIVERS\hcw72ATV.sys --> C:\Windows\system32\DRIVERS\hcw72ATV.sys [?]

S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\system32\DRIVERS\hcw72DTV.sys --> C:\Windows\system32\DRIVERS\hcw72DTV.sys [?]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-23 166400]

S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-23 128512]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]

S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]

S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]

S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-6 1153368]

S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]

S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]

S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]

S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]

S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]

S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]

S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]

S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]

S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]

S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]

S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888]

.

=============== Created Last 30 ================

.

2012-08-15 16:00:19 -------- d-----w- C:\Program Files\Microsoft Device Center

2012-08-15 15:59:38 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2012-08-15 15:21:04 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys

2012-08-15 15:21:04 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys

2012-08-15 15:21:04 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys

2012-08-15 15:21:04 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys

2012-08-15 15:21:03 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys

2012-08-15 15:21:03 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys

2012-08-15 15:21:03 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys

2012-08-15 15:20:42 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E

2012-08-15 04:38:21 -------- d-----w- C:\NBRT

2012-08-15 00:29:39 -------- d-----w- C:\Users\Anthony\AppData\Local\NPE

2012-08-14 23:01:33 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2012-08-12 17:06:56 -------- d-----w- C:\Users\Anthony\AppData\Local\Risen

2012-08-12 16:37:40 -------- d-----w- C:\Program Files (x86)\Deep Silver

2012-08-01 03:51:50 -------- d-----w- C:\Program Files (x86)\Microsoft Corporation

2012-07-26 17:05:44 -------- d-----w- C:\Users\Anthony\AppData\Local\HRSToolbar

.

==================== Find3M ====================

.

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-03 19:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-27 03:38:30 46176 ----a-w- C:\Windows\System32\drivers\point64.sys

2012-06-27 03:38:30 23648 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys

2012-06-25 22:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-17 00:35:57 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys

2012-06-17 00:35:57 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys

2012-06-06 14:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-28 13:09:04 52320 ----a-w- C:\Windows\System32\drivers\dc3d.sys

2012-05-28 13:09:04 2168416 ----a-w- C:\Windows\System32\coin91.dll

2012-05-19 16:08:01 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-19 16:08:01 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-19 16:00:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

.

============= FINISH: 19:01:13.95 ===============

attach.txt

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/1/2009 8:04:48 PM

System Uptime: 8/15/2012 5:17:27 PM (2 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 290 GiB total, 159.123 GiB free.

E: is Removable

F: is Removable

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Reader X (10.1.0)

Adobe Shockwave Player 11.5

Amazon Games & Software Downloader

Atheros Client Installation Program

AURA Fate of the Ages

Bing HRS Toolbar

BufferChm

C4600

Compatibility Pack for the 2007 Office system

Creative ZEN MX Documentation

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

Dragonsphere

Epson Event Manager

EPSON Scan

File Uploader

Free M4a to MP3 Converter 6.2

Free WAV To MP3 Converter 2.1

Free WMA to MP3 Converter 1.16

Google Chrome

Google Earth

Google Update Helper

GPBaseService2

HP Update

HPPhotoGadget

hpPrintProjects

HPProductAssistant

hpWLPGInstaller

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

Intel® Rapid Storage Technology

Java Auto Updater

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

MediaMonkey 3.2

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Move Media Player

Mozilla Firefox 14.0.1 (x86 en-US)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

Nikon Message Center

Nikon Transfer

NVIDIA PhysX

Opera 12.00

PS_AIO_05_C4600_Software_Min

RarZilla Free Unrar

realMyst

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Risen

Riven The sequel to Myst

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

SmartWebPrinting

SolutionCenter

Spybot - Search & Destroy

Status

Text Twist 2 1.00

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VAIO Care

VAIO Update

VU5x86

Wav to Mp3

WebReg

Winamp

Winamp Detector Plug-in

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

8/15/2012 8:10:07 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

8/15/2012 5:53:12 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/15/2012 5:53:12 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/15/2012 5:17:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/15/2012 5:17:56 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/15/2012 5:17:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.

8/15/2012 5:17:56 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/15/2012 5:17:56 PM, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/15/2012 10:08:37 AM, Error: Service Control Manager [7022] - The Intel® Sample Collector service hung on starting.

8/15/2012 10:01:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596856).

8/15/2012 1:28:59 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

8/14/2012 6:33:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

8/14/2012 6:33:54 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

8/14/2012 6:33:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

8/12/2012 7:37:01 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/10/2012 10:20:42 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR8.

.

==== End Of File ===========================

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Anthony [Admin rights]

Mode: Scan -- Date: 08/15/2012 19:13:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\anthony\appdata\local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\anthony\appdata\local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\anthony\appdata\local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM320II +++++

--- User ---

[MBR] aaaa1486c449d57391cef53c1ec6feaa

[bSP] f96d0e4853ed529bedf60ed08daf3644 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8093 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16576512 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16781312 | Size: 297050 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.<-------

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

    [*]Now press the Search button

    [*]When the search is complete, search.txt will also be written to your USB

    [*]Type exit and reboot the computer normally

    [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool Version: 15-08-2012

Ran by SYSTEM at 15-08-2012 19:37:43

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-23] (Realtek Semiconductor)

HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-23] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [165912 2012-05-19] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2012-05-19] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2012-05-19] (Intel Corporation)

HKLM\...\Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)

HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)

HKLM-x32\...\Run: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [79872 2009-08-26] (Sony Electronics Corporation)

HKLM-x32\...\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317288 2009-05-26] (Sony Corporation)

HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)

HKLM-x32\...\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)

HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()

HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\Guest\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin [1475584 2010-11-20] (Microsoft Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

4 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)

2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)

2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()

4 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-06-26] (Sonic Solutions)

4 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-06-26] (Sonic Solutions)

2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-09-02] (Realtek Semiconductor)

2 SampleCollector; "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" [167424 2009-09-16] (Intel Corporation)

4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

4 SOHDBSvr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-07-27] (Sony Corporation)

4 SOHPlMgr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-07-27] (Sony Corporation)

4 Symantec RemoteAssist; "C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe" [394704 2008-01-29] (Symantec, Inc.)

4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)

4 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-07-23] (Sony Corporation)

4 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-07-23] (Sony Corporation)

4 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [206336 2009-07-23] (Sony Corporation)

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2012-06-16] ()

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [1385120 2012-08-10] (Symantec Corporation)

1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-11] (Symantec Corporation)

3 hcw72ADFilter; C:\Windows\System32\Drivers\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.)

3 hcw72ATV; C:\Windows\System32\Drivers\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.)

3 hcw72DTV; C:\Windows\System32\Drivers\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120815.002\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)

2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2012-06-16] ()

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120815.002\ENG64.SYS [120440 2012-08-15] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120815.002\EX64.SYS [2068600 2012-08-15] (Symantec Corporation)

2 rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [86528 2009-07-31] (REDC)

2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)

1 SRTSP; C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMDS64.SYS [451192 2012-03-28] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-05-19] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

3 SYMFW; [x]

3 SYMNDISV; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-15 19:37 - 2012-08-15 19:37 - 00000000 ____D C:\FRST

2012-08-15 17:13 - 2012-08-15 17:13 - 00002030 ____A C:\Users\Anthony\Desktop\RKreport[1].txt

2012-08-15 17:11 - 2012-08-15 17:13 - 00000000 ____D C:\Users\Anthony\Desktop\RK_Quarantine

2012-08-15 17:10 - 2012-08-15 17:10 - 01558528 ____A C:\Users\Anthony\Desktop\RogueKiller.exe

2012-08-15 16:56 - 2012-08-15 16:56 - 00607260 ____R (Swearware) C:\Users\Anthony\Desktop\dds.com

2012-08-15 08:00 - 2012-08-15 08:00 - 00000000 ____D C:\Program Files\Microsoft Device Center

2012-08-15 07:59 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys

2012-08-15 07:56 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-15 07:56 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-15 07:56 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-15 07:56 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-15 07:56 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-15 07:56 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-15 07:56 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-15 07:56 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-15 07:56 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-15 07:56 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-15 07:56 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-15 07:56 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-15 07:56 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-15 07:56 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-15 07:56 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-15 07:56 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-15 07:56 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-15 07:56 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-15 07:56 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-15 07:56 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-15 07:56 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-15 07:56 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-15 07:56 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-15 07:56 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-15 07:56 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-15 07:56 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-15 07:56 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-15 07:56 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-15 06:23 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-08-15 06:23 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-08-15 06:23 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-08-15 06:23 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-08-15 06:23 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-08-15 06:23 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-08-15 06:23 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll

2012-08-15 06:23 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll

2012-08-15 06:23 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2012-08-15 06:23 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2012-08-15 06:23 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe

2012-08-15 06:23 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe

2012-08-15 06:23 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2012-08-14 20:38 - 2012-08-14 20:38 - 00000000 ____D C:\NBRT

2012-08-14 16:29 - 2012-08-14 17:55 - 00000000 ____D C:\Users\Anthony\AppData\Local\NPE

2012-08-14 15:01 - 2012-08-15 15:16 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys

2012-08-12 09:06 - 2012-08-12 09:07 - 00000000 ____D C:\Users\Anthony\AppData\Local\Risen

2012-08-12 08:37 - 2012-08-12 08:37 - 00000000 ____D C:\Program Files (x86)\Deep Silver

2012-07-31 21:17 - 2012-07-31 21:17 - 00000000 ____D C:\Windows\Sun

2012-07-31 19:51 - 2012-07-31 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Corporation

2012-07-31 10:45 - 2012-07-31 10:45 - 00000025 ____A C:\Users\Anthony\Desktop\sharepoint.txt

2012-07-26 09:05 - 2012-07-26 09:05 - 00000000 ____D C:\Users\Anthony\AppData\Local\HRSToolbar

2012-07-25 18:24 - 2012-07-25 18:25 - 03287189 ____A C:\Users\Anthony\Downloads\Toolbar_v3.8.0.zip

2012-07-20 10:15 - 2008-05-29 18:55 - 00000000 ____D C:\Users\Public\Downloads\Mazz - Los Temas Mas Inolvidables

2012-07-19 22:38 - 2012-07-19 22:38 - 00000211 ____A C:\Users\Anthony\Desktop\lakdhg.txt

2012-07-17 14:44 - 2012-08-05 13:12 - 00000028 ____A C:\Users\Anthony\Desktop\psswrd.txt

2012-07-17 14:34 - 2012-07-17 14:34 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-17 14:34 - 2012-07-17 14:34 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Mozilla

============ 3 Months Modified Files ========================

2012-08-15 17:33 - 2009-09-09 23:35 - 01250524 ____A C:\Windows\WindowsUpdate.log

2012-08-15 17:13 - 2012-08-15 17:13 - 00002030 ____A C:\Users\Anthony\Desktop\RKreport[1].txt

2012-08-15 17:10 - 2012-08-15 17:10 - 01558528 ____A C:\Users\Anthony\Desktop\RogueKiller.exe

2012-08-15 16:56 - 2012-08-15 16:56 - 00607260 ____R (Swearware) C:\Users\Anthony\Desktop\dds.com

2012-08-15 15:25 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-15 15:25 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-15 15:17 - 2012-05-19 09:19 - 00013383 ____A C:\Windows\setupact.log

2012-08-15 15:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-15 15:16 - 2012-08-14 15:01 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys

2012-08-15 14:27 - 2012-05-19 09:19 - 00034912 ____A C:\Windows\PFRO.log

2012-08-15 08:24 - 2010-01-30 10:47 - 00000039 ____A C:\Windows\vbaddin.ini

2012-08-15 08:04 - 2009-07-13 20:45 - 00474008 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-15 07:54 - 2009-11-04 16:44 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-08-15 07:31 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-15 07:26 - 2009-09-03 01:29 - 00002501 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk

2012-08-12 08:42 - 2012-06-16 16:35 - 00032310 ____A C:\Windows\DirectX.log

2012-08-05 13:12 - 2012-07-17 14:44 - 00000028 ____A C:\Users\Anthony\Desktop\psswrd.txt

2012-07-31 10:45 - 2012-07-31 10:45 - 00000025 ____A C:\Users\Anthony\Desktop\sharepoint.txt

2012-07-27 11:00 - 2012-02-07 18:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-25 18:25 - 2012-07-25 18:24 - 03287189 ____A C:\Users\Anthony\Downloads\Toolbar_v3.8.0.zip

2012-07-19 22:38 - 2012-07-19 22:38 - 00000211 ____A C:\Users\Anthony\Desktop\lakdhg.txt

2012-07-18 10:15 - 2012-08-15 06:23 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-17 14:34 - 2012-07-17 14:34 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-10 14:15 - 2012-07-10 14:15 - 00264336 ____A C:\Windows\msxml4-KB2721691-enu.LOG

2012-07-06 12:07 - 2012-08-15 07:59 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys

2012-07-04 14:16 - 2012-08-15 06:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 14:13 - 2012-08-15 06:23 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 14:13 - 2012-08-15 06:23 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 13:16 - 2012-08-15 06:23 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 13:14 - 2012-08-15 06:23 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-07-03 11:46 - 2012-02-07 18:15 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-28 20:55 - 2012-08-15 07:56 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-28 20:09 - 2012-08-15 07:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-28 19:56 - 2012-08-15 07:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-28 19:49 - 2012-08-15 07:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-28 19:49 - 2012-08-15 07:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-28 19:48 - 2012-08-15 07:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-28 19:47 - 2012-08-15 07:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-28 19:45 - 2012-08-15 07:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-28 19:44 - 2012-08-15 07:56 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-28 19:43 - 2012-08-15 07:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-28 19:42 - 2012-08-15 07:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-28 19:40 - 2012-08-15 07:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-28 19:39 - 2012-08-15 07:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-28 19:35 - 2012-08-15 07:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-28 16:52 - 2012-08-15 07:56 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-28 16:27 - 2012-08-15 07:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-28 16:16 - 2012-08-15 07:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-28 16:09 - 2012-08-15 07:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-28 16:09 - 2012-08-15 07:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-28 16:08 - 2012-08-15 07:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-28 16:07 - 2012-08-15 07:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-28 16:06 - 2012-08-15 07:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-28 16:04 - 2012-08-15 07:56 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-28 16:04 - 2012-08-15 07:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-28 16:01 - 2012-08-15 07:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-28 16:01 - 2012-08-15 07:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-28 16:00 - 2012-08-15 07:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-28 15:57 - 2012-08-15 07:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-26 19:38 - 2012-06-26 19:38 - 00046176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\point64.sys

2012-06-26 19:38 - 2012-06-26 19:38 - 00023648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nuidfltr.sys

2012-06-25 14:04 - 2012-06-25 14:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll

2012-06-18 06:31 - 2009-11-01 16:53 - 00317425 ____N C:\Windows\Minidump\061812-38969-01.dmp

2012-06-17 17:56 - 2012-06-17 17:56 - 00001082 ____A C:\Users\Public\Desktop\HTC Sync.lnk

2012-06-17 17:54 - 2012-06-17 17:54 - 00017558 ____A C:\Windows\DPINST.LOG

2012-06-17 13:53 - 2012-01-09 19:30 - 00007596 ____A C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg

2012-06-16 16:35 - 2012-06-16 16:35 - 00314016 ____A C:\Windows\System32\Drivers\atksgt.sys

2012-06-16 16:35 - 2012-06-16 16:35 - 00043680 ____A C:\Windows\System32\Drivers\lirsgt.sys

2012-06-15 22:02 - 2012-06-15 22:02 - 00849056 ____A (Amazon Services LLC) C:\Users\Anthony\Downloads\Risen_Downloader.exe

2012-06-14 13:32 - 2009-11-07 05:31 - 00000979 ____A C:\Users\Public\Desktop\Winamp.lnk

2012-06-14 13:31 - 2012-06-14 13:31 - 12062848 ____A (Nullsoft, Inc.) C:\Users\Anthony\Downloads\winamp5623_pro_en-us.exe

2012-06-08 21:43 - 2012-07-10 12:54 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-10 12:54 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-06 06:49 - 2012-06-06 06:49 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX

2012-06-05 22:06 - 2012-07-10 12:54 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-10 12:54 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-10 12:54 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-10 12:54 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-10 12:54 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-10 12:54 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 14:19 - 2012-06-21 07:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-21 07:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-21 07:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-21 07:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-21 07:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-21 07:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-21 07:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:00 - 2012-06-02 14:00 - 00010741 ____A C:\Users\Anthony\Documents\QuikPAY® Payment Receipt.htm

2012-06-02 13:19 - 2012-06-21 07:13 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 13:15 - 2012-06-21 07:13 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-01 21:50 - 2012-07-10 12:54 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-10 12:54 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-10 12:54 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-10 12:54 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-10 12:54 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-10 12:54 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-10 12:54 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-10 12:54 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-10 12:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-28 08:45 - 2012-05-19 12:12 - 00000000 ____A C:\Windows\Model.log

2012-05-28 08:45 - 2010-01-30 11:18 - 00000022 ____A C:\Windows\Model.txt

2012-05-28 05:09 - 2012-05-28 05:09 - 02168416 ____A (Microsoft Corporation) C:\Windows\System32\coin91.dll

2012-05-28 05:09 - 2012-05-28 05:09 - 00052320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dc3d.sys

2012-05-21 22:06 - 2012-05-21 22:06 - 00001079 ____A C:\Users\Anthony\Desktop\AURA Fate of the Ages.lnk

2012-05-21 07:02 - 2012-05-18 22:04 - 00000268 ____A C:\Windows\QTW.ini

2012-05-20 09:09 - 2012-05-20 09:09 - 00001529 ____A C:\Users\Anthony\Desktop\Riven - Shortcut.lnk

2012-05-19 17:24 - 2012-05-19 17:23 - 00002153 ____A C:\RHDSetup.log

2012-05-19 12:26 - 2009-08-18 15:26 - 00014338 ____A C:\Windows\System32\results.xml

2012-05-19 12:23 - 2012-05-19 12:23 - 08095232 ____A (Intel Corporation) C:\Windows\System32\ig4icd64.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 07370176 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys

2012-05-19 12:23 - 2012-05-19 12:23 - 06042112 ____A (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 05694976 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 05616640 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 05195776 ____A (Intel Corporation) C:\Windows\System32\ig4dev64.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 04233728 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 03839488 ____A (Intel Corporation) C:\Windows\SysWOW64\ig4dev32.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 03799040 ____A (Intel Corporation) C:\Windows\System32\igd10umd64.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 03646976 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 01991936 ____A C:\Windows\System32\iglhxa64.cpa

2012-05-19 12:23 - 2012-05-19 12:23 - 01312768 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v1872.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 00845848 ____A (Intel Corporation) C:\Windows\System32\igfxcfg.exe

2012-05-19 12:23 - 2012-05-19 12:23 - 00549888 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 00491032 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe

2012-05-19 12:23 - 2012-05-19 12:23 - 00387608 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe

2012-05-19 12:23 - 2012-05-19 12:23 - 00371712 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 00365592 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe

2012-05-19 12:23 - 2012-05-19 12:23 - 00312832 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00306688 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00305664 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00305664 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00305152 ____A (Intel Corporation) C:\Windows\System32\igfxresp.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00301568 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00296960 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00293376 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00291328 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00290304 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00289792 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00284672 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00284672 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00284672 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00283136 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00282624 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00282112 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00281088 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00279552 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00278016 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00264704 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00254464 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00251904 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00246272 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 00217088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 00215576 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe

2012-05-19 12:23 - 2012-05-19 12:23 - 00208896 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00207360 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00181760 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00180224 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc

2012-05-19 12:23 - 2012-05-19 12:23 - 00165912 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe

2012-05-19 12:23 - 2012-05-19 12:23 - 00142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 00125952 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl

2012-05-19 12:23 - 2012-05-19 12:23 - 00106008 ____A (Intel Corporation) C:\Windows\System32\difx64.exe

2012-05-19 12:23 - 2012-05-19 12:23 - 00059484 ____A C:\Windows\System32\iglhxc64.vp

2012-05-19 12:23 - 2012-05-19 12:23 - 00059392 ____A (Intel Corporation) C:\Windows\SysWOW64\oemdspif.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 00059315 ____A C:\Windows\System32\iglhxo64.vp

2012-05-19 12:23 - 2012-05-19 12:23 - 00058840 ____A C:\Windows\System32\iglhxg64.vp

2012-05-19 12:23 - 2012-05-19 12:23 - 00027648 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll

2012-05-19 12:23 - 2012-05-19 12:23 - 00004448 ____A C:\Windows\System32\iglhxs64.vp

2012-05-19 12:23 - 2012-05-19 12:23 - 00001090 ____A C:\Windows\System32\iglhxa64.vp

2012-05-19 12:23 - 2009-08-18 15:46 - 00259584 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll

2012-05-19 12:23 - 2009-08-18 15:46 - 00108544 ____A (Intel Corporation) C:\Windows\System32\hccutils.dll

2012-05-19 12:23 - 2009-08-18 15:46 - 00055808 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.dll

2012-05-19 12:23 - 2009-08-18 15:18 - 01002008 ____A (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe

2012-05-19 09:19 - 2012-05-19 09:19 - 00000000 ____A C:\Windows\setuperr.log

2012-05-19 08:30 - 2012-05-19 08:30 - 00035258 ____A C:\test.xml

2012-05-19 08:08 - 2012-03-31 05:31 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-05-19 08:08 - 2011-06-15 22:07 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-05-19 08:00 - 2009-11-03 03:56 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS

2012-05-19 08:00 - 2009-11-03 03:56 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT

ZeroAccess:

C:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}

C:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\@

C:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\L

C:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\U

C:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\U\80000064.@

ZeroAccess:

C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}

C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\@

C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\L

C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%

Total physical RAM: 8031.02 MB

Available physical RAM: 7247.45 MB

Total Pagefile: 8029.17 MB

Available Pagefile: 7245.11 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:290.09 GB) (Free:158.58 GB) NTFS

2 Drive e: (Recovery) (Fixed) (Total:7.9 GB) (Free:0.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (Aug 15 2012) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 8093 MB 1024 KB

Partition 2 Primary 100 MB 8094 MB

Partition 3 Primary 290 GB 8 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E Recovery NTFS Partition 8093 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 290 GB Healthy

==================================================================================

Last Boot: 2012-08-08 11:43

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 15-08-2012

Ran by SYSTEM at 2012-08-15 19:39:37

Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\ERDNT\cache64\services.exe

[2012-02-06 12:51] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Link to post
Share on other sites

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012

Ran by SYSTEM at 2012-08-15 20:30:01 Run:1

Running from F:\

==============================================

C:\Windows\Installer\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd} moved successfully.

C:\Users\Anthony\AppData\Local\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd} moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

Well Done, lets run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

ComboFix 12-08-16.01 - Anthony 08/16/2012 8:41.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6371 [GMT -6:00]

Running from: c:\users\Anthony\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Deep Silver\Risen\bin\Dialogs.dll

c:\program files (x86)\Deep Silver\Risen\bin\FFC.dll

c:\program files (x86)\Deep Silver\Risen\bin\FFCore.dll

c:\program files (x86)\Deep Silver\Risen\bin\FileSystem2.dll

c:\program files (x86)\Deep Silver\Risen\bin\GUI2.dll

c:\program files (x86)\Deep Silver\Risen\bin\Music.dll

c:\program files (x86)\Deep Silver\Risen\bin\Risen.exe

c:\program files (x86)\Deep Silver\Risen\bin\SCM.dll

c:\program files (x86)\Deep Silver\Risen\bin\SharedBase.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))

.

.

2012-08-16 14:51 . 2012-08-16 14:54 -------- d-----w- c:\users\Anthony\AppData\Local\temp

2012-08-16 14:51 . 2012-08-16 14:51 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-08-16 14:51 . 2012-08-16 14:51 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-08-16 14:51 . 2012-08-16 14:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-16 03:37 . 2012-08-16 03:37 -------- d-----w- C:\FRST

2012-08-15 16:00 . 2012-08-15 16:00 -------- d-----w- c:\program files\Microsoft Device Center

2012-08-15 15:59 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-15 15:20 . 2012-08-15 19:29 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E

2012-08-15 04:38 . 2012-08-15 04:38 -------- d-----w- C:\NBRT

2012-08-15 00:29 . 2012-08-15 01:55 -------- d-----w- c:\users\Anthony\AppData\Local\NPE

2012-08-14 23:01 . 2012-08-15 23:16 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-08-12 17:06 . 2012-08-12 17:07 -------- d-----w- c:\users\Anthony\AppData\Local\Risen

2012-08-12 16:37 . 2012-08-12 16:37 -------- d-----w- c:\program files (x86)\Deep Silver

2012-08-01 05:17 . 2012-08-01 05:17 -------- d-----w- c:\windows\Sun

2012-08-01 03:51 . 2012-08-01 03:51 -------- d-----w- c:\program files (x86)\Microsoft Corporation

2012-07-26 17:05 . 2012-07-26 17:05 -------- d-----w- c:\users\Anthony\AppData\Local\HRSToolbar

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 10:27 . 2009-11-05 00:44 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 19:46 . 2012-02-08 02:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-27 03:38 . 2012-06-27 03:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys

2012-06-27 03:38 . 2012-06-27 03:38 23648 ----a-w- c:\windows\system32\drivers\nuidfltr.sys

2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-17 00:35 . 2012-06-17 00:35 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2012-06-17 00:35 . 2012-06-17 00:35 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys

2012-06-09 05:43 . 2012-07-10 20:54 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 14:49 . 2012-06-06 14:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06 . 2012-07-10 20:54 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-10 20:54 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-10 20:54 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-10 20:54 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-10 20:54 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-10 20:54 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-21 15:14 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 15:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 15:14 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 15:14 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 15:14 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 15:14 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 15:14 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19 . 2012-06-21 15:13 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:15 . 2012-06-21 15:13 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-10 20:54 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-10 20:54 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-10 20:54 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-10 20:54 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-10 20:54 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-10 20:54 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-10 20:54 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-10 20:54 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-10 20:54 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-28 13:09 . 2012-05-28 13:09 52320 ----a-w- c:\windows\system32\drivers\dc3d.sys

2012-05-28 13:09 . 2012-05-28 13:09 2168416 ----a-w- c:\windows\system32\coin91.dll

2012-05-19 20:23 . 2012-05-19 20:23 845848 ----a-w- c:\windows\system32\igfxcfg.exe

2012-05-19 20:23 . 2012-05-19 20:23 8095232 ----a-w- c:\windows\system32\ig4icd64.dll

2012-05-19 20:23 . 2012-05-19 20:23 7370176 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-05-19 20:23 . 2012-05-19 20:23 6042112 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-05-19 20:23 . 2012-05-19 20:23 59392 ----a-w- c:\windows\SysWow64\oemdspif.dll

2012-05-19 20:23 . 2012-05-19 20:23 5694976 ----a-w- c:\windows\system32\igfxress.dll

2012-05-19 20:23 . 2012-05-19 20:23 5616640 ----a-w- c:\windows\system32\igdumd64.dll

2012-05-19 20:23 . 2012-05-19 20:23 549888 ----a-w- c:\windows\SysWow64\igdumdx32.dll

2012-05-19 20:23 . 2012-05-19 20:23 5195776 ----a-w- c:\windows\system32\ig4dev64.dll

2012-05-19 20:23 . 2012-05-19 20:23 491032 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-05-19 20:23 . 2012-05-19 20:23 4233728 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-05-19 20:23 . 2012-05-19 20:23 387608 ----a-w- c:\windows\system32\hkcmd.exe

2012-05-19 20:23 . 2012-05-19 20:23 3839488 ----a-w- c:\windows\SysWow64\ig4dev32.dll

2012-05-19 20:23 . 2012-05-19 20:23 3799040 ----a-w- c:\windows\system32\igd10umd64.dll

2012-05-19 20:23 . 2012-05-19 20:23 371712 ----a-w- c:\windows\system32\igfxTMM.dll

2012-05-19 20:23 . 2012-05-19 20:23 365592 ----a-w- c:\windows\system32\igfxpers.exe

2012-05-19 20:23 . 2012-05-19 20:23 3646976 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-05-19 20:23 . 2012-05-19 20:23 312832 ----a-w- c:\windows\system32\igfxrell.lrc

2012-05-19 20:23 . 2012-05-19 20:23 306688 ----a-w- c:\windows\system32\igfxrita.lrc

2012-05-19 20:23 . 2012-05-19 20:23 305664 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-05-19 20:23 . 2012-05-19 20:23 305664 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-05-19 20:23 . 2012-05-19 20:23 305152 ----a-w- c:\windows\system32\igfxresp.lrc

2012-05-19 20:23 . 2012-05-19 20:23 301568 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-05-19 20:23 . 2012-05-19 20:23 296960 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-05-19 20:23 . 2012-05-19 20:23 293376 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-05-19 20:23 . 2012-05-19 20:23 291328 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-05-19 20:23 . 2012-05-19 20:23 290304 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-05-19 20:23 . 2012-05-19 20:23 289792 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-05-19 20:23 . 2012-05-19 20:23 284672 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-05-19 20:23 . 2012-05-19 20:23 284672 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-05-19 20:23 . 2012-05-19 20:23 284672 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-05-19 20:23 . 2012-05-19 20:23 283136 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-05-19 20:23 . 2012-05-19 20:23 282624 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-05-19 20:23 . 2012-05-19 20:23 282112 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-05-19 20:23 . 2012-05-19 20:23 281088 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-05-19 20:23 . 2012-05-19 20:23 279552 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-05-19 20:23 . 2012-05-19 20:23 278016 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-05-19 20:23 . 2012-05-19 20:23 27648 ----a-w- c:\windows\system32\igfxexps.dll

2012-05-19 20:23 . 2012-05-19 20:23 264704 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-05-19 20:23 . 2012-05-19 20:23 254464 ----a-w- c:\windows\system32\igfxrara.lrc

2012-05-19 20:23 . 2012-05-19 20:23 251904 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-05-19 20:23 . 2012-05-19 20:23 246272 ----a-w- c:\windows\system32\igfxpph.dll

2012-05-19 20:23 . 2012-05-19 20:23 217088 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2012-05-19 20:23 . 2012-05-19 20:23 215576 ----a-w- c:\windows\system32\igfxext.exe

2012-05-19 20:23 . 2012-05-19 20:23 208896 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-05-19 20:23 . 2012-05-19 20:23 207360 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-05-19 20:23 . 2012-05-19 20:23 181760 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-05-19 20:23 . 2012-05-19 20:23 180224 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-05-19 20:23 . 2012-05-19 20:23 165912 ----a-w- c:\windows\system32\igfxtray.exe

2012-05-19 20:23 . 2012-05-19 20:23 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-05-19 20:23 . 2012-05-19 20:23 1312768 ----a-w- c:\windows\system32\igfxCoIn_v1872.dll

2012-05-19 20:23 . 2012-05-19 20:23 125952 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-05-19 20:23 . 2012-05-19 20:23 106008 ----a-w- c:\windows\system32\difx64.exe

2012-05-19 20:23 . 2009-08-18 23:46 55808 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-05-19 20:23 . 2009-08-18 23:46 259584 ----a-w- c:\windows\system32\igfxdev.dll

2012-05-19 20:23 . 2009-08-18 23:46 108544 ----a-w- c:\windows\system32\hccutils.dll

2012-05-19 20:23 . 2009-08-18 23:18 1002008 ----a-w- c:\windows\SysWow64\igxpun.exe

2012-05-19 16:08 . 2012-03-31 13:31 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-19 16:08 . 2011-06-16 06:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-19 16:00 . 2009-11-03 11:56 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775d}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{c9a6357b-25cc-4bcf-96c1-78736985d414}"= "mscoree.dll" [2010-11-05 297808]

.

[HKEY_CLASSES_ROOT\clsid\{c9a6357b-25cc-4bcf-96c1-78736985d414}]

[HKEY_CLASSES_ROOT\Microsoft.Search.HRSToolBar.HRSToolbar]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

2;2 SampleCollector;Intel® Sample Collector [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]

R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2010-04-23 38656]

R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2010-04-23 1631488]

R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2010-04-23 1634176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SYMNDISV;Symantec Network Filter Driver; [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1255736]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 133104]

R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 133104]

R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]

R4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]

R4 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]

R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]

R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]

R4 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]

R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]

R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]

R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]

R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]

R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2012-03-29 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120815.002\IDSvia64.sys [2012-06-14 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-03 189984]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-12 138912]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]

S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 08:28]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 08:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-19 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-19 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-19 365592]

"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]

"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\m6cyqaim.default\

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-85453673.sys

AddRemove-Riven The sequel to Myst_is1 - c:\program files (x86)\GOG.com\Riven\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Sony\VAIO Care\listener.exe

.

**************************************************************************

.

Completion time: 2012-08-16 09:03:13 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-16 15:03

.

Pre-Run: 169,781,456,896 bytes free

Post-Run: 170,654,294,016 bytes free

.

- - End Of File - - 185D91755410EAB93F8E18940DFD4ADA

Link to post
Share on other sites

Nothing detected by Malwarebytes:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.15.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Anthony :: ANTHONY-VAIO [administrator]

8/16/2012 10:01:50 AM

mbam-log-2012-08-16 (10-01-50).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 630605

Time elapsed: 3 hour(s), 8 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

However, Symantec did detect another bug during a routine scan:

Full Path: c:\frst\quarantine\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\u\80000064.@

Threat: Trojan.Gen

____________________________

____________________________

On computers as of Not Available

Last Used 8/16/2012 at 12:44:32 PM

Startup Item No

Launched No

____________________________

____________________________

Unknown

Number of users in the Norton Community that have used this file: Unknown

____________________________

Unknown

This file release is currently not known.

____________________________

High

This file risk is high.

____________________________

Threat Details

Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.

____________________________

____________________________

File Actions

File: c:\frst\quarantine\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\u\80000064.@

Removed

____________________________

File Thumbprint - SHA:

4290647695683b021db3fd232fecdafb47b909e2ca0839a20a3a0c1c70f9ef63

____________________________

File Thumbprint - MD5:

0115e9a964729df77d53362cf4e39886

____________________________

My PC is running slower than before. Programs either lag or completely freeze when loading.

I did another DDS.com scan. Here are the logs:

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Anthony at 13:29:29 on 2012-08-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.4406 [GMT -6:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Apoint\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Device Center\itype.exe

C:\Program Files\Microsoft Device Center\ipoint.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Sony\VAIO Care\collsvc.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Program Files\Sony\VAIO Care\Admload.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DhcpNameServer = 208.180.42.100 208.180.42.68

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2516D6164616 : DhcpNameServer = 172.20.100.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2656C6B696E6E2732683 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\3555444454E4C494E4B4E2E45445D253635453 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\54E67456E6965737146344333334 : DhcpNameServer = 69.6.190.10 69.6.190.11

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dll

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB-X64: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\m6cyqaim.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Anthony\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120815.002\IDSviA64.sys [2012-8-15 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13336]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-15 138272]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]

R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]

R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-1-30 167424]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-19 44736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-5-21 401920]

S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\system32\DRIVERS\hcw72ADFilter.sys --> C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [?]

S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\system32\DRIVERS\hcw72ATV.sys --> C:\Windows\system32\DRIVERS\hcw72ATV.sys [?]

S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\system32\DRIVERS\hcw72DTV.sys --> C:\Windows\system32\DRIVERS\hcw72DTV.sys [?]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-23 166400]

S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-23 128512]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]

S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]

S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]

S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-6 1153368]

S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]

S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]

S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]

S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]

S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]

S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]

S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]

S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]

S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]

S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]

S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888]

.

=============== Created Last 30 ================

.

2012-08-16 15:10:47 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-16 15:03:15 -------- d-----w- C:\Users\Anthony\AppData\Local\temp

2012-08-16 14:39:01 -------- d-----w- C:\ComboFix

2012-08-16 03:37:09 -------- d-----w- C:\FRST

2012-08-15 16:00:19 -------- d-----w- C:\Program Files\Microsoft Device Center

2012-08-15 15:59:38 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2012-08-15 15:21:04 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys

2012-08-15 15:21:04 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys

2012-08-15 15:21:04 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys

2012-08-15 15:21:04 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys

2012-08-15 15:21:03 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys

2012-08-15 15:21:03 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys

2012-08-15 15:21:03 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys

2012-08-15 15:20:42 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E

2012-08-15 04:38:21 -------- d-----w- C:\NBRT

2012-08-15 00:29:39 -------- d-----w- C:\Users\Anthony\AppData\Local\NPE

2012-08-14 23:01:33 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2012-08-12 17:06:56 -------- d-----w- C:\Users\Anthony\AppData\Local\Risen

2012-08-12 16:37:40 -------- d-----w- C:\Program Files (x86)\Deep Silver

2012-08-01 03:51:50 -------- d-----w- C:\Program Files (x86)\Microsoft Corporation

2012-07-26 17:05:44 -------- d-----w- C:\Users\Anthony\AppData\Local\HRSToolbar

.

==================== Find3M ====================

.

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-03 19:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-27 03:38:30 46176 ----a-w- C:\Windows\System32\drivers\point64.sys

2012-06-27 03:38:30 23648 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys

2012-06-25 22:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-17 00:35:57 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys

2012-06-17 00:35:57 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys

2012-06-06 14:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-28 13:09:04 52320 ----a-w- C:\Windows\System32\drivers\dc3d.sys

2012-05-28 13:09:04 2168416 ----a-w- C:\Windows\System32\coin91.dll

2012-05-19 16:08:01 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-19 16:08:01 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-19 16:00:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

.

============= FINISH: 13:32:45.09 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/1/2009 8:04:48 PM

System Uptime: 8/16/2012 9:09:46 AM (4 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 290 GiB total, 158.975 GiB free.

E: is Removable

F: is Removable

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Reader X (10.1.0)

Adobe Shockwave Player 11.5

Amazon Games & Software Downloader

Atheros Client Installation Program

AURA Fate of the Ages

Bing HRS Toolbar

BufferChm

C4600

Compatibility Pack for the 2007 Office system

Creative ZEN MX Documentation

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

Dragonsphere

Epson Event Manager

EPSON Scan

File Uploader

Free M4a to MP3 Converter 6.2

Free WAV To MP3 Converter 2.1

Free WMA to MP3 Converter 1.16

Google Chrome

Google Earth

Google Update Helper

GPBaseService2

HP Update

HPPhotoGadget

hpPrintProjects

HPProductAssistant

hpWLPGInstaller

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

Intel® Rapid Storage Technology

Java Auto Updater

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

MediaMonkey 3.2

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Move Media Player

Mozilla Firefox 14.0.1 (x86 en-US)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

Nikon Message Center

Nikon Transfer

NVIDIA PhysX

Opera 12.00

PS_AIO_05_C4600_Software_Min

RarZilla Free Unrar

realMyst

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Risen

Riven The sequel to Myst

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

SmartWebPrinting

SolutionCenter

Spybot - Search & Destroy

Status

Text Twist 2 1.00

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VAIO Care

VAIO Update

VU5x86

Wav to Mp3

WebReg

Winamp

Winamp Detector Plug-in

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

8/16/2012 9:10:25 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/16/2012 9:10:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.

8/16/2012 9:10:22 AM, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/16/2012 9:01:31 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

8/16/2012 8:57:55 AM, Error: Service Control Manager [7022] - The Intel® Sample Collector service hung on starting.

8/16/2012 8:52:49 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

8/16/2012 8:51:31 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/16/2012 8:50:28 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/16/2012 8:41:42 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

8/16/2012 8:32:32 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

8/16/2012 8:32:32 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

8/16/2012 8:20:57 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/16/2012 8:20:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/16/2012 8:16:54 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

8/15/2012 8:27:17 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

8/15/2012 11:11:20 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.

8/15/2012 11:11:20 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

8/15/2012 11:09:37 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

8/15/2012 11:09:37 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

8/15/2012 10:16:45 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/15/2012 10:16:43 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/15/2012 10:16:43 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/15/2012 10:01:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596856).

8/14/2012 6:33:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

8/14/2012 6:33:54 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

8/14/2012 6:33:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

8/10/2012 10:20:42 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR8.

.

==== End Of File ===========================

Just wanting to make sure if there's anything else out of the ordinary or that my system probably just needs to be optimized.

Link to post
Share on other sites

Full Path: c:\frst\quarantine\{de657d7d-1b4e-35ac-a722-9ac0722e5ddd}\u\80000064.@

That's OK, it's already in quarantine.

~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.