vicbury Posted April 1, 2013 ID:663499 Share Posted April 1, 2013 Sorry to be a nuisance, but can anybody help me get rid of this dam search virus. I downloaded ...something... and next i know i have this Hola Search attached to my internet page which i cannot get rid of. I have downloaded the Malwarebytes scanner and completed a full scan but this little soldier wont budge. HELP ! Link to post Share on other sites More sharing options...
MrCharlie Posted April 1, 2013 ID:663511 Share Posted April 1, 2013 Welcome to the forum, please start at the link below:http://forums.malwar...?showtopic=9573Post back the 2 logs here.....DDS.txt and Attach.txt(please don't put logs in code or quotes)P2P Warning:If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.<====><====><====><====><====><====><====><====>Next................Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller to your desktop.RogueKiller<---use this one for 64 bit systemsQuit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.(please don't put logs in code or quotes)MrCNote:Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.<+>The removal of malware isn't instantaneous, please be patient.<+>Please stick with me until I give you the "all clear".------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
vicbury Posted April 1, 2013 Author ID:663722 Share Posted April 1, 2013 Thanks for your help. I cant seem to post back onto the forum thread that you linked at the start. I have run the Rogue killer and obtained the report. thanks Link to post Share on other sites More sharing options...
vicbury Posted April 1, 2013 Author ID:663725 Share Posted April 1, 2013 DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16470Run by vaio at 8:34:19 on 2013-04-02Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3950.1580 [GMT 10:00].AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}.============== Running Processes ===============.C:\PROGRA~2\AVG\AVG2013\avgrsa.exeC:\Program Files (x86)\AVG\AVG2013\avgcsrva.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Users\vaio\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exeC:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEC:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\AVG\AVG2013\avgnsa.exeC:\Program Files (x86)\AVG\AVG2013\avgemca.exeC:\Program Files\Sony\VAIO Power Management\SPMgr.exec:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Program Files (x86)\SONY\Media Gallery\ElbServer.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exec:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\AVG\AVG2013\avgui.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exeC:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exeC:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exeC:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exeC:\Windows\SysWOW64\DllHost.exeC:\Program Files\Sony\VAIO Smart Network\VSNService.exeC:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Sony\VAIO Smart Network\VSNClient.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exeC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exeC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\SearchIndexer.exeC:\Program Files\Sony\VAIO Power Management\SPMService.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Sony\VAIO Update\VAIOUpdt.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exeC:\Program Files\Sony\VAIO Update\VUAgent.exeC:\Program Files\Sony\VAIO Care\VCPerfService.exeC:\Program Files\Sony\VAIO Care\VCsystray.exeC:\Program Files\Sony\VAIO Care\VCService.exeC:\Program Files\Sony\VAIO Care\VCAgent.exeC:\Windows\System32\vds.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Sony\VAIO Care\Admload.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\Sony\VAIO Care\listener.exeC:\Windows\sysWOW64\wbem\wmiprvse.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\sysWOW64\wbem\wmiprvse.exeC:\Program Files (x86)\AVG\AVG2013\avgcfgex.exeC:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\NOTEPAD.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=38D47EDD08DD6D19uSearch Bar = hxxp://www.google.com/ieuSearch Page = hxxp://www.google.comuDefault_Page_URL = hxxp://sony.msn.comuDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>mWinlogon: Userinit = userinit.exe,BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} -BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} -TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [FEXeTWLLHYgf.exe] C:\ProgramData\FEXeTWLLHYgf.exeuRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /StayuRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZEDuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunmRun: [iAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [PMBVolumeWatcher] "c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"mRun: [sHTtray.exe] "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe"mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLYmRun: [Family Tree Builder Update] C:\Users\vaio\Desktop\My-Family-6-Dec-2012\MyHeritage\Bin\FTBCheckUpdates.exemRun: [EfficientLadysOrganizerFree] <no file>StartupFolder: C:\Users\vaio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFFICI~1.LNK - C:\Program Files (x86)\Efficient Lady's Organizer Free\EfficientLadysOrganizerFree.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTrusted Zone: internetTrusted Zone: mcafee.comTrusted Zone: mcafee.comDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocxDPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: NameServer = 192.168.1.1TCP: Interfaces\{8B90FFE4-A3CC-4FB1-B52F-E63B40FCDFAD} : NameServer = 192.168.1.1TCP: Interfaces\{8B90FFE4-A3CC-4FB1-B52F-E63B40FCDFAD} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{8B90FFE4-A3CC-4FB1-B52F-E63B40FCDFAD}\C4E4C4962627162797 : NameServer = 192.168.1.1TCP: Interfaces\{8B90FFE4-A3CC-4FB1-B52F-E63B40FCDFAD}\C4E4C4962627162797 : DHCPNameServer = 192.168.112.1Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllNotify: VESWinlogon - VESWinlogon.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllx64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmx64-DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabx64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabx64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-17 55856]R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-8 202752]R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]R2 BackupService;BackupService;C:\Users\vaio\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2012-1-3 83512]R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-8 13336]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-1 398184]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-1 682344]R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-5-8 93696]R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-5-8 75776]R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-12-22 259192]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-12-17 120104]R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-12-17 70952]R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-12-17 427304]R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-12-17 75048]R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-12-17 91432]R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-12-17 104960]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-16 2320920]R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-15 642416]R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-12-17 480624]R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-12-17 821760]R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-12-17 19968]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-8 56344]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-1 24176]R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-5-8 11392]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-12-17 571248]R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-12-22 44736]R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-11-16 1286784]R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-5-8 395264]S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-12-17 361840]S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-5-8 52264]S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-5-8 35104]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-2-16 99384]S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-8 151936]S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-5-8 244736]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-2-16 203320]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-12-17 110960]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-20 1255736].=============== Created Last 30 ================.2013-04-01 05:25:16 -------- d-----w- C:\Users\vaio\AppData\Roaming\Malwarebytes2013-04-01 05:25:13 -------- d-----w- C:\ProgramData\Malwarebytes2013-04-01 05:25:12 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-04-01 05:25:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-04-01 00:34:05 -------- d-----w- C:\Users\vaio\AppData\Roaming\Roxio Log Files2013-04-01 00:12:23 -------- d-----w- C:\Users\vaio\AppData\Roaming\PerformerSoft2013-04-01 00:12:21 19632 ----a-w- C:\Windows\System32\roboot64.exe2013-04-01 00:12:20 -------- d-----w- C:\Users\vaio\AppData\Roaming\File Scout2013-04-01 00:05:11 -------- d-----w- C:\Users\vaio\AppData\Roaming\OpenCandy2013-03-29 05:46:47 -------- d-----w- C:\Users\vaio\AppData\Roaming\Efficient Lady's Organizer Free2013-03-29 05:46:43 -------- d-----w- C:\Program Files (x86)\Efficient Lady's Organizer Free2013-03-29 05:42:05 -------- d-----w- C:\Program Files (x86)\Free Ride Games2013-03-26 11:59:57 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys2013-03-25 20:39:46 4546560 ------w- C:\Windows\SysWow64\GPhotos.scr.==================== Find3M ====================.2013-03-12 18:28:36 73432 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-12 18:28:36 693976 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-01-19 10:24:50 32 ------w- C:\_IS6BAT_.TMP2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS.============= FINISH: 8:34:53.80 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 16/12/2010 1:33:59 PMSystem Uptime: 1/04/2013 7:18:32 PM (13 hours ago).Motherboard: Sony Corporation | | VAIOProcessor: Intel® Core i3 CPU M 350 @ 2.27GHz | N/A | 2266/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 284 GiB total, 146.803 GiB free.D: is RemovableE: is CDROM (CDFS)F: is Removable.==== Disabled Device Manager Items =============.Class GUID:Description: Photosmart B110 seriesDevice ID: ROOT\MULTIFUNCTION\0000Manufacturer:Name: Photosmart B110 seriesPNP Device ID: ROOT\MULTIFUNCTION\0000Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Photosmart B110 seriesDevice ID: ROOT\MULTIFUNCTION\0001Manufacturer: HPName: Photosmart B110 seriesPNP Device ID: ROOT\MULTIFUNCTION\0001Service:.==== System Restore Points ===================.RP214: 15/03/2013 3:00:16 AM - Windows UpdateRP215: 26/03/2013 10:26:32 PM - Scheduled CheckpointRP216: 27/03/2013 3:00:11 AM - Windows UpdateRP217: 29/03/2013 4:00:10 PM - Removed Claro Chrome ToolbarRP218: 31/03/2013 3:26:46 PM - Uniblue DriverScanner installationRP219: 1/04/2013 10:05:53 AM - Uniblue SpeedUpMyPC installationRP220: 1/04/2013 10:30:01 AM - Removed Claro Chrome ToolbarRP221: 1/04/2013 10:36:01 AM - Configured SmartSound Quicktracks for Premiere Elements 8.0RP222: 1/04/2013 10:40:12 AM - Removed TomTom HOME Visual Studio Merge ModulesRP223: 1/04/2013 10:40:31 AM - Removed Telstra Mobile Broadband ManagerRP224: 1/04/2013 10:43:33 AM - Removed EvernoteRP225: 1/04/2013 10:44:43 AM - Removed Claro Chrome Toolbar.==== Installed Programs ======================.1ClickDownloader64 Bit HP CIO Components InstallerAdobe AIRAdobe Flash Player 11 ActiveXAdobe Premiere Elements 8.0Adobe Reader 9.5.2Adobe Shockwave Player 11.6ArcSoft Magic-i Visual Effects 2ArcSoft WebCam Companion 3ATI Catalyst Install ManagerAVG 2013B110Beatport DownloaderBing BarBufferChmCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCitrix XenApp Web PluginDestinationsDeviceDiscoveryDivX SetupEfficient Lady's Organizer Free 3.50Google ChromeGoogle Update HelperGPBaseService2HP Customer Participation Program 14.0HP Imaging Device Functions 14.0HP Photo CreationsHP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7HP Smart Web Printing 4.60HP Solution Center 14.0HP UpdateHPAppStudioHPPhotoGadgetHPProductAssistantHPSSupplyIntel® Control CenterIntel® Management Engine ComponentsIntel® Rapid Storage TechnologyIntel® Turbo Boost Technology DriverJava 6 Update 16Java 6 Update 16 (64-bit)Junk Mail filter updateKingsoft Office 2012 (8.1.0.3375)Malwarebytes Anti-Malware version 1.70.0.1100MarketResearchMedia GalleryMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Choice GuardMicrosoft Office 2010Microsoft Office Click-to-Run 2010Microsoft Office Starter 2010 - EnglishMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server Compact 3.5 SP1 EnglishMicrosoft SQL Server Compact 3.5 SP1 x64 EnglishMicrosoft Sync Framework Runtime Native v1.0 (x86)Microsoft Sync Framework Services Native v1.0 (x86)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219MSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MyHeritage Family Tree BuilderNetwork64Picasa 3PMBPMB VAIO Edition GuidePMB VAIO Edition plug-in (Click to Disc)PMB VAIO Edition plug-in (VAIO Image Optimizer)PMB VAIO Edition plug-in (VAIO Movie Story)PS_AIO_07_B110_SW_MinQuickTransferScanSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Setting Utility SeriesShop for HP SuppliesSkype Click to CallSkype™ 6.1SmartWebPrintingSolutionCenterSony Home Network LibraryStatusThe Family Tree MakerToolboxTrayAppUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)VAIO CareVAIO Content Metadata Intelligent Analyzing ManagerVAIO Content Metadata Intelligent Network Service ManagerVAIO Content Metadata Manager SettingsVAIO Content Metadata XML Interface LibraryVAIO Content Monitoring SettingsVAIO Control CenterVAIO Data Restore ToolVAIO DVD Menu DataVAIO Entertainment PlatformVAIO Event ServiceVAIO GateVAIO Gate DefaultVAIO Hardware DiagnosticsVAIO ManualVAIO Media plusVAIO Media plus Opening MovieVAIO Movie Story Template DataVAIO Original Function SettingsVAIO Personalization ManagerVAIO Power ManagementVAIO Quick Web AccessVAIO Smart NetworkVAIO UpdateVAIO Wallpaper ContentsVC80CRTRedist - 8.0.50727.6195Visual Studio 2008 x64 RedistributablesVisual Studio 2010 x64 RedistributablesVLC media player 2.0.2VU5x64VU5x86WebRegWIDCOMM Bluetooth SoftwareWindows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live MailWindows Live MessengerWindows Live Movie MakerWindows Live Photo GalleryWindows Live SyncWindows Live Upload ToolWindows Live Writer.==== Event Viewer Messages From Past Week ========.31/03/2013 4:04:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.31/03/2013 4:04:04 PM, Error: Service Control Manager [7000] - The Browser Manager service failed to start due to the following error: The system cannot find the file specified.30/03/2013 6:28:23 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.29/03/2013 6:59:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VcmIAlzMgr service.27/03/2013 3:17:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.27/03/2013 3:17:57 AM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.26/03/2013 9:59:01 PM, Error: Service Control Manager [7022] - The Intel® Management & Security Application User Notification Service service hung on starting.1/04/2013 7:25:05 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.1/04/2013 7:23:54 PM, Error: Service Control Manager [7034] - The VAIO Content Metadata Intelligent Network Service Manager service terminated unexpectedly. It has done this 1 time(s).1/04/2013 7:22:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.1/04/2013 7:19:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.1/04/2013 7:18:52 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied..==== End Of File =========================== Link to post Share on other sites More sharing options...
vicbury Posted April 1, 2013 Author ID:663730 Share Posted April 1, 2013 Time : 02/04/2013 08:22:19 --------------------------ERROR [FEXeTWLLHYgf.exe.vir] -> C:\ProgramData\FEXeTWLLHYgf.exeERROR [FEXeTWLLHYgf.exe.vir] -> C:\ProgramData\FEXeTWLLHYgf.exeERROR [FTBCheckUpdates.exe.vir] -> C:\Users\vaio\Desktop\My-Family-6-Dec-2012\MyHeritage\Bin\FTBCheckUpdates.exe Link to post Share on other sites More sharing options...
MrCharlie Posted April 1, 2013 ID:663756 Share Posted April 1, 2013 Can you post the log from RogueKiller.-----------------Please download AdwCleaner from here and save it on your Desktop. AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.AdwCleaner is a tool that deletes :· Adwares (software ads)· PUP/LPI (Potentially Undesirable Program)· Toolbars· Hijacker (Hijack of the browser's homepage)It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.Note:Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.MrC Link to post Share on other sites More sharing options...
vicbury Posted April 1, 2013 Author ID:663763 Share Posted April 1, 2013 RogueKiller V8.5.4 [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : vaio [Admin rights]Mode : Scan -- Date : 04/02/2013 08:22:19| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 5 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : FEXeTWLLHYgf.exe (C:\ProgramData\FEXeTWLLHYgf.exe) [x] -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-4171032976-4125830094-2685399912-1000[...]\Run : FEXeTWLLHYgf.exe (C:\ProgramData\FEXeTWLLHYgf.exe) [x] -> FOUND[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Family Tree Builder Update (C:\Users\vaio\Desktop\My-Family-6-Dec-2012\MyHeritage\Bin\FTBCheckUpdates.exe) [x] -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: Hitachi HTS543232A7A384 +++++--- User ---[MBR] 5b053948ccf863345494048db585a6ad[bSP] d4d85ad6a5529354b2dd0df4c28ec105 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13961 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28594176 | Size: 100 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28798976 | Size: 291182 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1]_S_04022013_02d0822.txt >>RKreport[1]_S_04022013_02d0822.txt Link to post Share on other sites More sharing options...
vicbury Posted April 1, 2013 Author ID:663765 Share Posted April 1, 2013 AdwCleaner v2.115 - Logfile created 04/02/2013 at 09:58:02# Updated 17/03/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : vaio - VAIO-VAIO# Boot Mode : Normal# Running from : C:\Users\vaio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLWF73MV\adwcleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****File Found : C:\ENDFile Found : C:\Users\vaio\AppData\Local\Temp\Uninstall.exeFolder Found : C:\Program Files (x86)\1ClickDownloadFolder Found : C:\Program Files (x86)\ConduitFolder Found : C:\ProgramData\AVG Security ToolbarFolder Found : C:\ProgramData\BabylonFolder Found : C:\ProgramData\Tarma InstallerFolder Found : C:\ProgramData\TrymediaFolder Found : C:\Users\vaio\AppData\Local\ConduitFolder Found : C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeikhckcedpnofpmfaakfhppidegbcpFolder Found : C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeikhckcedpnofpmfaakfhppidegbcpFolder Found : C:\Users\vaio\AppData\Local\PackageAwareFolder Found : C:\Users\vaio\AppData\Local\SwvUpdaterFolder Found : C:\Users\vaio\AppData\Local\Temp\avg@toolbarFolder Found : C:\Users\vaio\AppData\LocalLow\ConduitFolder Found : C:\Users\vaio\AppData\Roaming\BabylonFolder Found : C:\Users\vaio\AppData\Roaming\file scoutFolder Found : C:\Users\vaio\AppData\Roaming\OpenCandyFolder Found : C:\Users\vaio\AppData\Roaming\PerformerSoft***** [Registry] *****Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dllData Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dllKey Found : HKCU\Software\1ClickDownloadKey Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Found : HKCU\Software\AppDataLow\Software\CrossriderKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\BabylonToolbarKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Cr_InstallerKey Found : HKCU\Software\DataMngrKey Found : HKCU\Software\DataMngr_ToolbarKey Found : HKCU\Software\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcpKey Found : HKCU\Software\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcpKey Found : HKCU\Software\IGearSettingsKey Found : HKCU\Software\IMKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0974BA1E-64EC-11DE-B2A5-E43756D89593}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKCU\Software\SoftonicKey Found : HKCU\Software\58e8adde56fbe13Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKLM\Software\BabylonKey Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exeKey Found : HKLM\SOFTWARE\Classes\Conduit.EngineKey Found : HKLM\SOFTWARE\Classes\Prod.capKey Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Found : HKLM\Software\ConduitKey Found : HKLM\Software\DataMngrKey Found : HKLM\Software\IminentKey Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\SOFTWARE\Wow6432Node\58e8adde56fbe13Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcpKey Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcpKey Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlhKey Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloadKey Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}Key Found : HKLM\SOFTWARE\Tarma InstallerKey Found : HKU\S-1-5-21-4171032976-4125830094-2685399912-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0974BA1E-64EC-11DE-B2A5-E43756D89593}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16470[OK] Registry is clean.-\\ Google Chrome v26.0.1410.43File : C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [8684 octets] - [02/04/2013 09:58:02]########## EOF - C:\AdwCleaner[R1].txt - [8744 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663766 Share Posted April 2, 2013 From your other post, it looks like you already did this but if not......Run RogueKiller again and click ScanWhen the scan completes > click on the Registry tabPut a check next to all of these and uncheck the rest: (if found)[RUN][sUSP PATH] HKCU\[...]\Run : FEXeTWLLHYgf.exe (C:\ProgramData\FEXeTWLLHYgf.exe) [x] -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-4171032976-4125830094-2685399912-1000[...]\Run : FEXeTWLLHYgf.exe (C:\ProgramData\FEXeTWLLHYgf.exe) [x] -> FOUNDNow click Delete on the right hand column under Options-------------Please create a new system restore point before continuing.Lots of adware found....lets clear it out.....Please re-run AdwCleanerClick on Delete button.Confirm each time with OK if asked.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.MrC Link to post Share on other sites More sharing options...
vicbury Posted April 2, 2013 Author ID:663770 Share Posted April 2, 2013 how do i "Please create a new system restore point before continuing". Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663773 Share Posted April 2, 2013 http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/MrC Link to post Share on other sites More sharing options...
vicbury Posted April 2, 2013 Author ID:663774 Share Posted April 2, 2013 I have run the Rogue killer and deleted the registry things as you said. the report looks like this, hopefully i've done this correct.RogueKiller V8.5.4 [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : vaio [Admin rights]Mode : Remove -- Date : 04/02/2013 10:16:33| ARK || FAK || MBR |¤¤¤ Bad processes : 2 ¤¤¤[sUSP PATH] adwcleaner.exe -- C:\Users\vaio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLWF73MV\adwcleaner.exe [-] -> KILLED [TermProc][sUSP PATH] adwcleaner.exe -- C:\Users\vaio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLWF73MV\adwcleaner.exe [-] -> KILLED [TermProc]¤¤¤ Registry Entries : 4 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : FEXeTWLLHYgf.exe (C:\ProgramData\FEXeTWLLHYgf.exe) [x] -> DELETED[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Family Tree Builder Update (C:\Users\vaio\Desktop\My-Family-6-Dec-2012\MyHeritage\Bin\FTBCheckUpdates.exe) [x] -> DELETED[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: Hitachi HTS543232A7A384 +++++--- User ---[MBR] 5b053948ccf863345494048db585a6ad[bSP] d4d85ad6a5529354b2dd0df4c28ec105 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13961 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28594176 | Size: 100 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28798976 | Size: 291182 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[3]_D_04022013_02d1016.txt >>RKreport[1]_S_04022013_02d0822.txt ; RKreport[2]_S_04022013_02d1012.txt ; RKreport[3]_D_04022013_02d1016.txt Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663779 Share Posted April 2, 2013 OK, continue with AdwCleaner, MrC Link to post Share on other sites More sharing options...
vicbury Posted April 2, 2013 Author ID:663782 Share Posted April 2, 2013 # AdwCleaner v2.115 - Logfile created 04/02/2013 at 10:27:51# Updated 17/03/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : vaio - VAIO-VAIO# Boot Mode : Normal# Running from : C:\Users\vaio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TT12HZP6\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****Deleted on reboot : C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeikhckcedpnofpmfaakfhppidegbcpFile Deleted : C:\ENDFile Deleted : C:\Users\vaio\AppData\Local\Temp\Uninstall.exeFolder Deleted : C:\Program Files (x86)\1ClickDownloadFolder Deleted : C:\Program Files (x86)\ConduitFolder Deleted : C:\ProgramData\AVG Security ToolbarFolder Deleted : C:\ProgramData\BabylonFolder Deleted : C:\ProgramData\Tarma InstallerFolder Deleted : C:\ProgramData\TrymediaFolder Deleted : C:\Users\vaio\AppData\Local\ConduitFolder Deleted : C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeikhckcedpnofpmfaakfhppidegbcpFolder Deleted : C:\Users\vaio\AppData\Local\PackageAwareFolder Deleted : C:\Users\vaio\AppData\Local\SwvUpdaterFolder Deleted : C:\Users\vaio\AppData\Local\Temp\avg@toolbarFolder Deleted : C:\Users\vaio\AppData\LocalLow\ConduitFolder Deleted : C:\Users\vaio\AppData\Roaming\BabylonFolder Deleted : C:\Users\vaio\AppData\Roaming\file scoutFolder Deleted : C:\Users\vaio\AppData\Roaming\OpenCandyFolder Deleted : C:\Users\vaio\AppData\Roaming\PerformerSoft***** [Registry] *****Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dllData Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dllKey Deleted : HKCU\Software\1ClickDownloadKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Deleted : HKCU\Software\AppDataLow\Software\CrossriderKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKCU\Software\BabylonToolbarKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\Cr_InstallerKey Deleted : HKCU\Software\DataMngrKey Deleted : HKCU\Software\DataMngr_ToolbarKey Deleted : HKCU\Software\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcpKey Deleted : HKCU\Software\IGearSettingsKey Deleted : HKCU\Software\IMKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0974BA1E-64EC-11DE-B2A5-E43756D89593}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\58e8adde56fbe13Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : HKLM\Software\BabylonKey Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exeKey Deleted : HKLM\SOFTWARE\Classes\Conduit.EngineKey Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\DataMngrKey Deleted : HKLM\Software\IminentKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Wow6432Node\58e8adde56fbe13Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcpKey Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlhKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloadKey Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}Key Deleted : HKLM\SOFTWARE\Tarma InstallerValue Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0974BA1E-64EC-11DE-B2A5-E43756D89593}]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16470[OK] Registry is clean.-\\ Google Chrome v26.0.1410.43File : C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [8799 octets] - [02/04/2013 09:58:02]AdwCleaner[R2].txt - [8859 octets] - [02/04/2013 10:27:33]AdwCleaner[s1].txt - [8400 octets] - [02/04/2013 10:27:51]########## EOF - C:\AdwCleaner[s1].txt - [8460 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663784 Share Posted April 2, 2013 Is there any difference?? MrC Link to post Share on other sites More sharing options...
vicbury Posted April 2, 2013 Author ID:663787 Share Posted April 2, 2013 No, when it still opened up explorer with Hola search Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663788 Share Posted April 2, 2013 OK, next:Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
vicbury Posted April 2, 2013 Author ID:663856 Share Posted April 2, 2013 ComboFix 13-04-01.01 - vaio 02/04/2013 10:59:40.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3950.2114 [GMT 10:00]Running from: c:\users\vaio\Desktop\ComboFix.exeAV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\Install.exec:\windows\wininit.ini..((((((((((((((((((((((((( Files Created from 2013-03-02 to 2013-04-02 )))))))))))))))))))))))))))))))..2013-04-02 02:10 . 2013-04-02 02:10 -------- d-----w- c:\users\Default\AppData\Local\temp2013-04-02 00:28 . 2013-04-02 00:28 171 ----a-w- c:\windows\DeleteOnReboot.bat2013-04-01 05:25 . 2013-04-01 05:25 -------- d-----w- c:\users\vaio\AppData\Roaming\Malwarebytes2013-04-01 05:25 . 2013-04-01 05:25 -------- d-----w- c:\programdata\Malwarebytes2013-04-01 05:25 . 2013-04-01 05:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-04-01 05:25 . 2012-12-14 06:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys2013-04-01 00:34 . 2013-04-01 00:34 -------- d-----w- c:\users\vaio\AppData\Roaming\Roxio Log Files2013-04-01 00:12 . 2012-12-19 05:53 19632 ----a-w- c:\windows\system32\roboot64.exe2013-03-29 05:46 . 2013-03-29 20:29 -------- d-----w- c:\users\vaio\AppData\Roaming\Efficient Lady's Organizer Free2013-03-29 05:46 . 2013-03-29 05:46 -------- d-----w- c:\program files (x86)\Efficient Lady's Organizer Free2013-03-29 05:42 . 2013-03-31 06:03 -------- d-----w- c:\program files (x86)\Free Ride Games2013-03-26 11:59 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys2013-03-25 20:39 . 2013-03-25 20:39 4546560 ------w- c:\windows\SysWow64\GPhotos.scr...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-03-14 17:02 . 2011-08-24 10:24 72013344 ----a-w- c:\windows\system32\MRT.exe2013-03-12 18:28 . 2012-08-31 08:45 73432 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-12 18:28 . 2012-08-31 08:45 693976 ------w- c:\windows\SysWow64\FlashPlayerApp.exe2013-02-12 05:45 . 2013-03-13 21:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45 . 2013-03-13 21:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45 . 2013-03-13 21:06 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45 . 2013-03-13 21:06 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48 . 2013-03-13 21:06 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-02-12 04:48 . 2013-03-13 21:06 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-01-19 10:24 . 2013-01-19 10:24 32 ------w- C:\_IS6BAT_.TMP2013-01-05 05:53 . 2013-02-13 11:30 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe2013-01-05 05:00 . 2013-02-13 11:30 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-01-05 05:00 . 2013-02-13 11:30 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-01-04 05:46 . 2013-02-13 11:29 215040 ----a-w- c:\windows\system32\winsrv.dll2013-01-04 04:51 . 2013-02-13 11:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-01-04 04:43 . 2013-02-13 11:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-01-04 03:26 . 2013-02-13 11:29 3153408 ----a-w- c:\windows\system32\win32k.sys2013-01-04 02:47 . 2013-02-13 11:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-01-04 02:47 . 2013-02-13 11:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-01-04 02:47 . 2013-02-13 11:29 2048 ----a-w- c:\windows\SysWow64\user.exe2013-01-04 02:47 . 2013-02-13 11:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-01-03 06:00 . 2013-02-13 11:29 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-01-03 06:00 . 2013-02-13 11:29 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-10-15 72192].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2009-10-16 99624]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-10 3147384]"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952].c:\users\vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Lady's Organizer Free.lnk - c:\program files (x86)\Efficient Lady's Organizer Free\EfficientLadysOrganizerFree.exe [2013-3-29 12411904].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 1081632]HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]2009-12-02 06:03 98304 ------w- c:\windows\System32\VESWinlogon.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]R2 BackupService;BackupService;c:\users\vaio\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-13 151936]R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-19 1255736]R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-14 63328]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-20 225120]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-13 40800]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-01 185696]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-20 200032]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-27 202752]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-28 259192]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-16 120104]S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-16 70952]S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-16 427304]S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-16 75048]S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-16 91432]S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416]S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-26 821760]S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-12-14 56344]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248]S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-11-22 1286784]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-04-01 10:33 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 18:28].2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20 00:58].2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20 00:58].2013-04-02 c:\windows\Tasks\WpsUpdateTask_vaio.job- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2012-09-17 16:00]..--------- X64 Entries -----------..------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=38D47EDD08DD6D19uDefault_Search_URL = hxxp://www.google.com/iemLocal Page = c:\windows\SysWOW64\blank.htmuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: internetTrusted Zone: mcafee.comTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{8B90FFE4-A3CC-4FB1-B52F-E63B40FCDFAD}: NameServer = 192.168.1.1TCP: Interfaces\{8B90FFE4-A3CC-4FB1-B52F-E63B40FCDFAD}\C4E4C4962627162797: NameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exeWow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exeWow6432Node-HKLM-Run-<NO NAME> - (no file)Wow6432Node-HKLM-Run-EfficientLadysOrganizerFree - (no file)Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exeWebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exeAddRemove-Family Tree Builder - c:\users\vaio\Desktop\My-Family-6-Dec-2012\MyHeritage\Bin\Uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]"value"="?\06\05\0a\06\124?".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-04-02 12:40:00ComboFix-quarantined-files.txt 2013-04-02 02:39.Pre-Run: 158,554,165,248 bytes freePost-Run: 159,688,593,408 bytes free.- - End Of File - - 82F99DD21DC582DF472995E8CA83EC8F Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663881 Share Posted April 2, 2013 Using ComboFix......1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Open notepad and copy/paste the text in the quotebox below into it:4. If ComboFix wants to update.....please allow it to.DDS::uStart Page = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=38D47EDD08DD6D19ClearJavaCache::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeCAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.After reboot, (in case it asks to reboot)......Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.MrC Link to post Share on other sites More sharing options...
vicbury Posted April 2, 2013 Author ID:663890 Share Posted April 2, 2013 I think it may be fixed !! I reopened internet explorer and it the page opened on ninemsn instead of Hola Search.ComboFix 13-04-01.01 - vaio 02/04/2013 21:42:51.3.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3950.1586 [GMT 10:00]Running from: c:\users\vaio\Desktop\ComboFix.exeCommand switches used :: c:\users\vaio\Desktop\CFScript.txtAV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-03-02 to 2013-04-02 )))))))))))))))))))))))))))))))..2013-04-02 11:55 . 2013-04-02 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp2013-04-02 00:28 . 2013-04-02 00:28 171 ----a-w- c:\windows\DeleteOnReboot.bat2013-04-01 05:25 . 2013-04-01 05:25 -------- d-----w- c:\users\vaio\AppData\Roaming\Malwarebytes2013-04-01 05:25 . 2013-04-01 05:25 -------- d-----w- c:\programdata\Malwarebytes2013-04-01 05:25 . 2013-04-01 05:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-04-01 05:25 . 2012-12-14 06:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys2013-04-01 00:34 . 2013-04-01 00:34 -------- d-----w- c:\users\vaio\AppData\Roaming\Roxio Log Files2013-04-01 00:12 . 2012-12-19 05:53 19632 ----a-w- c:\windows\system32\roboot64.exe2013-03-29 05:46 . 2013-03-29 20:29 -------- d-----w- c:\users\vaio\AppData\Roaming\Efficient Lady's Organizer Free2013-03-29 05:46 . 2013-03-29 05:46 -------- d-----w- c:\program files (x86)\Efficient Lady's Organizer Free2013-03-29 05:42 . 2013-03-31 06:03 -------- d-----w- c:\program files (x86)\Free Ride Games2013-03-26 11:59 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys2013-03-25 20:39 . 2013-03-25 20:39 4546560 ------w- c:\windows\SysWow64\GPhotos.scr...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-03-14 17:02 . 2011-08-24 10:24 72013344 ----a-w- c:\windows\system32\MRT.exe2013-03-12 18:28 . 2012-08-31 08:45 73432 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-12 18:28 . 2012-08-31 08:45 693976 ------w- c:\windows\SysWow64\FlashPlayerApp.exe2013-02-12 05:45 . 2013-03-13 21:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45 . 2013-03-13 21:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45 . 2013-03-13 21:06 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45 . 2013-03-13 21:06 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48 . 2013-03-13 21:06 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-02-12 04:48 . 2013-03-13 21:06 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-01-19 10:24 . 2013-01-19 10:24 32 ------w- C:\_IS6BAT_.TMP2013-01-05 05:53 . 2013-02-13 11:30 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe2013-01-05 05:00 . 2013-02-13 11:30 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-01-05 05:00 . 2013-02-13 11:30 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-01-04 05:46 . 2013-02-13 11:29 215040 ----a-w- c:\windows\system32\winsrv.dll2013-01-04 04:51 . 2013-02-13 11:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-01-04 04:43 . 2013-02-13 11:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-01-04 03:26 . 2013-02-13 11:29 3153408 ----a-w- c:\windows\system32\win32k.sys2013-01-04 02:47 . 2013-02-13 11:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-01-04 02:47 . 2013-02-13 11:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-01-04 02:47 . 2013-02-13 11:29 2048 ----a-w- c:\windows\SysWow64\user.exe2013-01-04 02:47 . 2013-02-13 11:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-01-03 06:00 . 2013-02-13 11:29 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-01-03 06:00 . 2013-02-13 11:29 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-10-15 72192].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2009-10-16 99624]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-10 3147384]"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952].c:\users\vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Lady's Organizer Free.lnk - c:\program files (x86)\Efficient Lady's Organizer Free\EfficientLadysOrganizerFree.exe [2013-3-29 12411904].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 1081632]HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]2009-12-02 06:03 98304 ------w- c:\windows\System32\VESWinlogon.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]R2 BackupService;BackupService;c:\users\vaio\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-13 151936]R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-19 1255736]R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-14 63328]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-20 225120]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-13 40800]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-01 185696]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-20 200032]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-27 202752]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-28 259192]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-16 120104]S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-16 70952]S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-16 427304]S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-16 75048]S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-16 91432]S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416]S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-26 821760]S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-12-14 56344]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248]S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-11-22 1286784]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-04-01 10:33 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 18:28].2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20 00:58].2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20 00:58].2013-04-02 c:\windows\Tasks\WpsUpdateTask_vaio.job- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2012-09-17 16:00]..--------- X64 Entries -----------..------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuDefault_Search_URL = hxxp://www.google.com/iemLocal Page = c:\windows\SysWOW64\blank.htmuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: internetTrusted Zone: mcafee.comTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{8B90FFE4-A3CC-4FB1-B52F-E63B40FCDFAD}: NameServer = 192.168.1.1TCP: Interfaces\{8B90FFE4-A3CC-4FB1-B52F-E63B40FCDFAD}\C4E4C4962627162797: NameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exeAddRemove-Family Tree Builder - c:\users\vaio\Desktop\My-Family-6-Dec-2012\MyHeritage\Bin\Uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]"value"="?\06\05\0a\06\124?".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-04-02 21:58:41ComboFix-quarantined-files.txt 2013-04-02 11:58ComboFix2.txt 2013-04-02 02:40.Pre-Run: 159,720,554,496 bytes freePost-Run: 159,433,670,656 bytes free.- - End Of File - - 29CE568D268D4409F72C050063E40B44 Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663896 Share Posted April 2, 2013 Good.......Lets check your computers security before you go and we have a little cleanup to do also:Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
vicbury Posted April 2, 2013 Author ID:663902 Share Posted April 2, 2013 Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2013 Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 16 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 26.0.1410.43 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0%````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663903 Share Posted April 2, 2013 AVG AntiVirus Free Edition 2013Antivirus out of date! <------check for an update if available Java™ 6 Update 16 <---please uninstall from add/remove programsJava version out of Date! <-------Download and install the latest version from HereUncheck the box to install the Ask toolbar!!! and any other free "stuff". (Java™ 7 Update 17)Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe.--------------------------------------------You have out dated programs on the system which are vulnerable to malware.Please update or uninstall themInfo on doing that can be found in my Preventive Maintenance~~~~~~~~~~~~~~~~~~~~~A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)---------------------------------Please download OTL from one of the links below: (you may already have OTL on the system)http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.comhttp://www.itxassoci...T-Tools/OTL.exeSave it to your desktop.Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
vicbury Posted April 3, 2013 Author ID:664230 Share Posted April 3, 2013 All done ! Thank you very much for you assistance, i really appreciate it. You have saved me a huge headache. Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 3, 2013 ID:664305 Share Posted April 3, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts