Cmd.exe box popping up on start-up

For about a month this cmd.exe box has been popping up on the desktop during startup, just as the system is loading up.

It looks like this and has no text in the box; it pops up for about 3-5 seconds then disappears again.

cmdbox.jpg

I didn't think anything of it until I noticed the font color of links in Google searches was slightly off, then alarm bells started to sound. I did some searching and other people had been getting some alarming reports about this on your forum, so I thought it best to share.

My friend used this forum some years ago when in dire need of some support and you guys were amazing then, so can I just say thanks for providing such a great free service. It is much appreciated. With that said, here are the reports (I hope we did everything right and we appreciate even the tiniest bit of help):

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2

Run by john at 9:50:44 on 2013-08-08

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4077.2157 [GMT 1:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\StikyNot.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\ProgramData\Search Protection\SearchProtection.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\PROGRA~2\AD-AWA~1\AdAware.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uProxyServer = 10.99.28.5:1080

uProxyOverride = <local>

uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRun: [searchProtection] C:\ProgramData\Search Protection\_run.bat

mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

mRun: [smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{AE506691-F177-40E1-880F-0AD5C0B20D9B} : DHCPNameServer = 10.100.14.1

TCP: Interfaces\{F9F301CD-AB92-4831-9813-FC8A51F7D121} : DHCPNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{F9F301CD-AB92-4831-9813-FC8A51F7D121}\2393835313 : DHCPNameServer = 10.99.28.4

TCP: Interfaces\{F9F301CD-AB92-4831-9813-FC8A51F7D121}\244584572633D243646474 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{F9F301CD-AB92-4831-9813-FC8A51F7D121}\2456C6B696E6E293444473E2765756374737 : DHCPNameServer = 192.168.169.1

TCP: Interfaces\{F9F301CD-AB92-4831-9813-FC8A51F7D121}\8414C4D293030303 : DHCPNameServer = 192.168.1.254 192.168.1.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-16 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-16 189936]

R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-18 14456]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-2 1030952]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-2 378944]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]

R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-2 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-2 80816]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-7-5 138400]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-7-5 98976]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-3 46808]

R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-11 13336]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2011-6-27 102400]

R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsnxc64.sys [2011-6-27 98816]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-7-22 259512]

R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-16 378472]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-23 105024]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-11 2656536]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-10-11 552584]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-10-11 969352]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-5-26 19968]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-7-5 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-7-5 330400]

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-7-5 110240]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-7-5 30368]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-7-5 167072]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-7-5 68256]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-7-5 280992]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-7-5 496800]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-27 471144]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-7-24 53176]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-6-30 1380480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S2 TCE CAD Service;TCE CAD Service;C:\Program Files (x86)\John Lewis Rolling Demo Screensaver\CAD Service\cadservice.exe --> C:\Program Files (x86)\John Lewis Rolling Demo Screensaver\CAD Service\cadservice.exe [?]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]

S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]

S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-6 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\WINWORD.EXE="C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde [userChoice] [default=edit - 'Open' doesn't exist]

.

=============== Created Last 30 ================

.

2013-08-07 00:48:27     --------    d-----w-    C:\Windows\SysWow64\syncdb

2013-07-19 19:46:09     --------    d-----w-    C:\Users\john\AppData\Local\Chromium

2013-07-19 19:42:53     --------    d-----w-    C:\Users\john\AppData\Local\The Lord of the Rings Online

2013-07-19 19:38:40     --------    d-----w-    C:\Users\john\AppData\Local\Turbine

2013-07-19 19:35:17     4178264     ----a-w-    C:\Windows\SysWow64\D3DX9_41.dll

2013-07-19 19:35:14     235344      ----a-w-    C:\Windows\SysWow64\d3dx11_42.dll

2013-07-19 19:34:42     1974616     ----a-w-    C:\Windows\SysWow64\D3DCompiler_42.dll

2013-07-19 19:34:41     3495784     ----a-w-    C:\Windows\SysWow64\d3dx9_33.dll

2013-07-19 19:30:41     --------    d-----w-    C:\ProgramData\Turbine

2013-07-19 19:30:18     --------    d-----w-    C:\ProgramData\HappyCloud

2013-07-19 18:52:34     68616 ----a-w-    C:\Windows\SysWow64\XAPOFX1_1.dll

2013-07-19 18:52:34     509448      ----a-w-    C:\Windows\SysWow64\XAudio2_2.dll

2013-07-19 18:52:34     467984      ----a-w-    C:\Windows\SysWow64\d3dx10_39.dll

2013-07-19 18:52:34     1493528     ----a-w-    C:\Windows\SysWow64\D3DCompiler_39.dll

2013-07-19 18:52:32     3851784     ----a-w-    C:\Windows\SysWow64\D3DX9_39.dll

2013-07-19 18:52:13     --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin

2013-07-19 18:50:36     --------    d-----w-    C:\Users\john\AppData\Local\PMB Files

2013-07-19 18:50:34     --------    d-----w-    C:\ProgramData\PMB Files

2013-07-19 18:50:31     --------    d-----w-    C:\Program Files (x86)\Pando Networks

2013-07-19 18:48:22     --------    d-----w-    C:\Users\john\AppData\Roaming\Riot Games

2013-07-11 11:37:38     1643520     ----a-w-    C:\Windows\System32\DWrite.dll

2013-07-11 11:37:37     1247744     ----a-w-    C:\Windows\SysWow64\DWrite.dll

.

==================== Find3M  ====================

.

2013-07-04 19:41:33     9728  ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-28 15:24:37     189936      ----a-w-    C:\Windows\System32\drivers\aswVmm.sys

2013-06-28 15:24:37     1030952     ----a-w-    C:\Windows\System32\drivers\aswSnx.sys

2013-06-27 14:58:30     96168 ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-27 14:58:27     867240      ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll

2013-06-27 14:58:27     789416      ----a-w-    C:\Windows\SysWow64\deployJava1.dll

2013-06-12 14:56:37     71048 ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 14:56:37     692104      ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-11 23:43:37     1767936     ----a-w-    C:\Windows\SysWow64\wininet.dll

2013-06-11 23:43:00     2877440     ----a-w-    C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:42:58     61440 ----a-w-    C:\Windows\SysWow64\iesetup.dll

2013-06-11 23:42:58     109056      ----a-w-    C:\Windows\SysWow64\iesysprep.dll

2013-06-11 23:26:20     2241024     ----a-w-    C:\Windows\System32\wininet.dll

2013-06-11 23:25:16     3958784     ----a-w-    C:\Windows\System32\jscript9.dll

2013-06-11 23:25:13     67072 ----a-w-    C:\Windows\System32\iesetup.dll

2013-06-11 23:25:13     136704      ----a-w-    C:\Windows\System32\iesysprep.dll

2013-06-11 22:51:45     71680 ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50:58     89600 ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-07 03:22:18     2706432     ----a-w-    C:\Windows\System32\mshtml.tlb

2013-06-07 02:37:52     2706432     ----a-w-    C:\Windows\SysWow64\mshtml.tlb

2013-06-05 03:34:27     3153920     ----a-w-    C:\Windows\System32\win32k.sys

2013-06-04 06:00:13     624128      ----a-w-    C:\Windows\System32\qedit.dll

2013-06-04 04:53:07     509440      ----a-w-    C:\Windows\SysWow64\qedit.dll

2013-05-18 08:03:20     47496 ----a-w-    C:\Windows\System32\sbbd.exe

2013-05-18 08:03:20     14456 ----a-w-    C:\Windows\System32\drivers\gfibto.sys

2013-05-13 05:51:01     184320      ----a-w-    C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00     1464320     ----a-w-    C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00     139776      ----a-w-    C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40     52224 ----a-w-    C:\Windows\System32\certenc.dll

2013-05-13 04:45:55     140288      ----a-w-    C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55     1160192     ----a-w-    C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55     103936      ----a-w-    C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55     1192448     ----a-w-    C:\Windows\System32\certutil.exe

2013-05-13 03:08:10     903168      ----a-w-    C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06     43008 ----a-w-    C:\Windows\SysWow64\certenc.dll

.

============= FINISH:  9:51:24.42 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 07/11/2011 16:26:56

System Uptime: 08/08/2013 09:42:14 (0 hours ago)

.

Motherboard: Sony Corporation |  | VAIO

Processor: Intel® Core i5-2430M CPU @ 2.40GHz | N/A | 2401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 578 GiB total, 403.911 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Bluetooth Device (Personal Area Network)

Device ID: BTH\MS_BTHPAN\7&25D0219B&0&2

Manufacturer: Microsoft

Name: Bluetooth Device (Personal Area Network)

PNP Device ID: BTH\MS_BTHPAN\7&25D0219B&0&2

Service: BthPan

.

==== System Restore Points ===================

.

RP146: 19/07/2013 19:49:06 - Installed League of Legends

RP147: 19/07/2013 19:50:48 - Installed Microsoft Visual C++ 2005 Redistributable (x64)

RP148: 19/07/2013 19:51:32 - Installed Microsoft Visual C++ 2005 Redistributable

RP149: 19/07/2013 19:51:58 - Installed League of Legends

RP150: 19/07/2013 19:52:17 - Installed DirectX

RP151: 19/07/2013 19:58:17 - Removed League of Legends

RP152: 19/07/2013 20:33:44 - Installed DirectX

RP153: 19/07/2013 20:34:45 - Installed DirectX

RP154: 21/07/2013 09:22:19 - Windows Update

RP155: 07/08/2013 01:40:52 - Removed Adobe Photoshop Elements 9.

RP156: 07/08/2013 01:45:33 - Removed Adobe Premiere Elements 9.

RP157: 07/08/2013 01:50:27 - Configured SmartSound Quicktracks for Premiere Elements 9.0

RP158: 08/08/2013 06:23:57 - Windows Update

.

==== Installed Programs ======================

.

????? Windows Live

?????? Windows Live

??????? ????????? Windows Live Mesh ActiveX ??? ?????????? ??????????

??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????

???????? ?????????? Windows Live

?????????? Windows Live

??????????? ?? Windows Live

???????????? Windows Live

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh

ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????

Ad-Aware Antivirus

Ad-Aware Security Add-on

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7) MUI

Amazon MP3 Downloader 1.0.17

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 4

Atheros WiFi Driver Installation

Audio Converter

avast! Free Antivirus

Bing Bar

Bluetooth Win7 Suite (64)

CCleaner

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX Windows Live Mesh pentru conexiuni la distan?a

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

D3DX10

Dolby Home Theater v4

EPSON S22 Series Printer Uninstall

ESET Online Scanner v3

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Google Chrome

Happy Cloud Client

Intel® Management Engine Components

Intel® Rapid Storage Technology

IsoBuster 3.2

Java 7 Update 25

Java Auto Updater

Java 6 Update 26 (64-bit)

Junk Mail filter update

Malwarebytes Anti-Malware version 1.75.0.1300

Media Gallery

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Office 64-bit Components 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

NVIDIA 3D Vision Driver 268.93

NVIDIA 3D Vision Video Player

NVIDIA Control Panel 268.93

NVIDIA Graphics Driver 268.93

NVIDIA HD Audio Driver 1.2.22.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Stereoscopic 3D Driver

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení

Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia

Pando Media Booster

PMB

PMB VAIO Edition Guide

PMB VAIO Edition Plug-in

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Quick Web Access

Raccolta foto di Windows Live

Realtek High Definition Audio Driver

Remote Keyboard

Remote Play with PlayStation 3

Renesas Electronics USB 3.0 Host Controller Driver

S?????? f?t???af??? t?? Windows Live

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Skype™ 6.1

Smart File Advisor 1.1.1

Sony Corporation

SSLx64

SSLx86

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??

Synaptics Pointing Device Driver

The Lord of the Rings Online

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition

Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi

V3DPX86

VAIO - Media Gallery

VAIO - PMB VAIO Edition Guide

VAIO - PMB VAIO Edition Plug-in

VAIO - Remote Keyboard

VAIO - Remote Play with PlayStation®3

VAIO 3D Portal

VAIO Care

VAIO Control Center

VAIO Data Restore Tool

VAIO Easy Connect

VAIO Gate

VAIO Gate Default

VAIO Improvement

VAIO Improvement Validation

VAIO Manual

VAIO Sample Contents

VAIO Smart Network

VAIO Transfer Support

VAIO Update

VAIO Update Merge Module x64

VCCx64

VCCx86

VHD

VIx64

VIx86

VPMx64

VSNx64

VSNx86

VWSTx86

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger

Windows Live Mesh ActiveX-objekt til fjernforbindelser

Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Meshin etäyhteyksien ActiveX-komponentti

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

WinRAR 4.20 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

08/08/2013 09:42:39, Error: Service Control Manager [7000]  - The TCE CAD Service service failed to start due to the following error:  The system cannot find the file specified.

07/08/2013 02:17:42, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

07/08/2013 02:17:39, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.

.

==== End Of File ===========================

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)

  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-08-08 10:54:09

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 596.17GB

Running: qmw33jdp.exe; Driver: C:\Users\john\AppData\Local\Temp\fxldypoc.sys

 

 

---- Threads - GMER 2.1 ----

 

Thread  C:\Windows\system32\svchost.exe [960:1308]                                                         000007fef96d2154

Thread  C:\Windows\System32\svchost.exe [1020:1052]                                                        000007fefc4ff2f4

Thread  C:\Windows\System32\svchost.exe [1020:1068]                                                        000007fefc476204

Thread  C:\Windows\System32\svchost.exe [1020:1300]                                                        000007fefbf12070

Thread  C:\Windows\System32\svchost.exe [1020:1336]                                                        000007fefb125440

Thread  C:\Windows\System32\svchost.exe [1020:4912]                                                        000007fef6505fd0

Thread  C:\Windows\System32\svchost.exe [1020:4968]                                                        000007fefe27c608

Thread  C:\Windows\System32\svchost.exe [1020:2088]                                                        000007fee91d6b8c

Thread  C:\Windows\System32\svchost.exe [1020:2180]                                                        000007fee91d1d88

Thread  C:\Windows\system32\svchost.exe [496:2628]                                                         000007fef8320ea8

Thread  C:\Windows\system32\svchost.exe [496:2632]                                                         000007fef8319db0

Thread  C:\Windows\system32\svchost.exe [496:2820]                                                         000007fef831aa10

Thread  C:\Windows\system32\svchost.exe [496:2844]                                                         000007fef8321c94

Thread  C:\Windows\system32\svchost.exe [496:4916]                                                         000007fef0ccd3c8

Thread  C:\Windows\system32\svchost.exe [496:4920]                                                         000007fef0ccd3c8

Thread  C:\Windows\system32\svchost.exe [496:4924]                                                         000007fef0ccd3c8

Thread  C:\Windows\system32\svchost.exe [496:4928]                                                         000007fef0ccd3c8

Thread  C:\Windows\system32\svchost.exe [704:3816]                                                         000007fef8f15124

Thread  C:\Windows\system32\svchost.exe [704:6012]                                                         000007feea72506c

Thread  C:\Windows\system32\svchost.exe [704:6024]                                                         000007fef8011c20

Thread  C:\Windows\system32\svchost.exe [704:6028]                                                         000007fef8011c20

Thread  C:\Windows\system32\svchost.exe [704:4832]                                                         000007fefaad4164

Thread  C:\Windows\system32\svchost.exe [704:1960]                                                         000007fefaab1ab0

Thread  C:\Windows\system32\svchost.exe [1164:3512]                                                        000007fef8f15124

Thread  C:\Windows\system32\svchost.exe [1164:4160]                                                        000007fef6b35170

Thread  C:\Windows\system32\WLANExt.exe [1548:1632]                                                        00000000004b8684

Thread  C:\Windows\system32\WLANExt.exe [1548:1636]                                                        00000000004b8684

Thread  C:\Windows\System32\spoolsv.exe [1808:3636]                                                        000007fef6a510c8

Thread  C:\Windows\System32\spoolsv.exe [1808:3756]                                                        000007fef6716144

Thread  C:\Windows\System32\spoolsv.exe [1808:3760]                                                        000007fef6505fd0

Thread  C:\Windows\System32\spoolsv.exe [1808:3872]                                                        000007fef69b3438

Thread  C:\Windows\System32\spoolsv.exe [1808:3876]                                                        000007fef65063ec

Thread  C:\Windows\System32\spoolsv.exe [1808:3884]                                                        000007fef7775e5c

Thread  C:\Windows\System32\spoolsv.exe [1808:3892]                                                        000007fef75e5074

Thread  C:\Windows\System32\spoolsv.exe [1808:3992]                                                        00000000005fe0bc

Thread  C:\Windows\system32\svchost.exe [1836:2004]                                                        000007fef95135c0

Thread  C:\Windows\system32\svchost.exe [1836:2536]                                                        000007fef9515600

Thread  C:\Windows\system32\svchost.exe [1836:3200]                                                        000007fef7802888

Thread  C:\Windows\system32\svchost.exe [1836:3228]                                                        000007fef7712940

Thread  C:\Windows\system32\svchost.exe [1836:5724]                                                        000007fef7802a40

Thread  C:\Windows\system32\svchost.exe [3436:3504]                                                        000007fef77a8470

Thread  C:\Windows\system32\svchost.exe [3436:3508]                                                        000007fef77b2418

Thread  C:\Windows\system32\svchost.exe [3436:4884]                                                        000007fef6505fd0

Thread  C:\Windows\system32\svchost.exe [3436:4888]                                                        000007fef65063ec

Thread  C:\Windows\system32\svchost.exe [3436:5660]                                                        000007feeb29f130

Thread  C:\Windows\system32\svchost.exe [3436:5716]                                                        000007feeb294734

Thread  C:\Windows\system32\svchost.exe [3436:5072]                                                        000007feeb294734

Thread  C:\Windows\Explorer.EXE [3584:4068]                                                                000007fef96d2154

Thread  C:\Windows\Explorer.EXE [3584:4120]                                                                000007fef9ef2f9c

Thread  C:\Windows\Explorer.EXE [3584:4408]                                                                000007fef21a2118

Thread  C:\Windows\Explorer.EXE [3584:6160]                                                                000007fefb571010

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4296:5404]                                     000007fefdb30168

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4296:5424]                                     000007fefb772a7c

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4296:5432]                                     000007feeb84d618

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4296:5732]                                     000007fef8f15124

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4296:1496]                                     000007feeb7e9730

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4296:1612]                                     000007feeb84d618

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4296:6944]                                     000007fefdb30168

Thread  C:\Windows\System32\svchost.exe [4984:4260]                                                        000007fef8f19874

 

---- Registry - GMER 2.1 ----

 

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                               2

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                              2

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                       1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                        aswFsBlk

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                              FSFilter Activity Monitor

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                    FltMgr?

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                        avast! mini-filter driver (aswFsBlk)

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                3

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                         

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                          aswFsBlk Instance

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                       

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude               388400

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                  0

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                   

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                              2

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                             2

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                      1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                         \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                       aswMonFlt

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                             FSFilter Anti-Virus

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                   FltMgr?

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                       avast! mini-filter driver (aswMonFlt)

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                        

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                         aswMonFlt Instance

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                     

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude             320700

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                0

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                   

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                            \SystemRoot\System32\Drivers\aswrdr2.sys

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                 1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                         1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                          aswRdr

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                PNP_TDI

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                      tcpip?

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                          avast! WFP Redirect driver

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                          

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                       

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                        nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                     

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                               0

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                        1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                         aswRvrt

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                         avast! Revert

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                         

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                              71

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                              982426

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                               \Device\Harddisk0\Partition3\Windows

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                         1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                    

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                 2

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                         1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                          aswSnx

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                FSFilter Virtualization

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                      FltMgr?

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                          avast! virtualization driver (aswSnx)

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                  2

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                           

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                            aswSnx Instance

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                           

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                   137600

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                      0

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                           

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                             \DosDevices\C:\Program Files\AVAST Software\Avast

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                     

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                  1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                 1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                          1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                           aswSP

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                           avast! Self Protection

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                           

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                1

 


Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                              \DosDevices\C:\Program Files\AVAST Software\Avast

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                 \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                         \DosDevices\C:\Program Files

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                               \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                      

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                 1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                         1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                          avast! Network Shield Support

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                PNP_TDI

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                      tcpip?

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                          avast! Network Shield TDI driver

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                  11

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                     

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                 1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                0

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                         1

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                          aswVmm

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                          avast! VM Monitor

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                          

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                      

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                       32

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                      2

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                               1

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                  "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                avast! Antivirus

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                      ShellSvcGroup

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                            aswMonFlt?RpcSS?

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                      1

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                 LocalSystem

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                             1

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                            

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78da27c6                       

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78da27c6@cc051bc510cd           0xC2 0x2F 0xD3 0xAC ...

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78da27c6@c8d10b1d4d36           0x6C 0xF5 0x9D 0x01 ...

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                   2

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                  2

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                           1

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                            aswFsBlk

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                  FSFilter Activity Monitor

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                        FltMgr?

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                            avast! mini-filter driver (aswFsBlk)

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                    3

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                     

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                              aswFsBlk Instance

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)   

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                   388400

Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                      0

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                  2

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                 2

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                          1

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                             \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                           aswMonFlt

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                 FSFilter Anti-Virus

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                       FltMgr?

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                           avast! mini-filter driver (aswMonFlt)

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                    

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                             aswMonFlt Instance

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) 

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                 320700

Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                    0

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                \SystemRoot\System32\Drivers\aswrdr2.sys

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                     1

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                    1

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                             1

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                              aswRdr

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                    PNP_TDI

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                          tcpip?

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                              avast! WFP Redirect driver

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                      

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                           

Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                            nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                    1

Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                   0

Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                            1

Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                             aswRvrt

Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                             avast! Revert

Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                     

Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                  71

Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                  982426

Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                   \Device\Harddisk0\Partition3\Windows

Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                             1

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                     2

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                    1

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                             1

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                              aswSnx

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                    FSFilter Virtualization

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                          FltMgr?

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                              avast! virtualization driver (aswSnx)

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                      2

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                       

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                aswSnx Instance

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)       

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                       137600

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                          0

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                      

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                 \DosDevices\C:\Program Files\AVAST Software\Avast

Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                    \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                      1

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                     1

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                              1

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                               aswSP

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                               avast! Self Protection

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                       

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                    1

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                  \DosDevices\C:\Program Files\AVAST Software\Avast

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                     \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                             \DosDevices\C:\Program Files

Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                   \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                     1

Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                    1

Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                             1

Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                              avast! Network Shield Support

Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                    PNP_TDI

Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                          tcpip?

Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                              avast! Network Shield TDI driver

Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                      11

Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                     1

Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                    0

Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                             1

Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                              aswVmm

Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                              avast! VM Monitor

Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                      

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                           32

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                          2

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                   1

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                      "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                    avast! Antivirus

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                          ShellSvcGroup

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                aswMonFlt?RpcSS?

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                          1

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                     LocalSystem

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                 1

Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                    Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78da27c6 (not active ControlSet)   

Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78da27c6@cc051bc510cd               0xC2 0x2F 0xD3 0xAC ...

Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78da27c6@c8d10b1d4d36               0x6C 0xF5 0x9D 0x01 ...

 

---- EOF - GMER 2.1 ----


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.

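The logs in this thread are read by hand, but the Run-key listing and the proxy line that ComboFix prints can be triaged mechanically. The script below is an added example written for this page; it is not ComboFix code and not the forum's own tooling. It parses the `"name"="command" [date size]` lines ComboFix emits under "Reg Loading Points" and the `uInternet Settings,ProxyServer` line from the Supplementary Scan, and flags the things a helper looks at first: batch files in a Run key (Windows hands a .bat/.cmd to cmd.exe, which opens a console window for as long as the script runs, so a brief empty cmd.exe box at logon is consistent with such an entry), programs started from user-writable folders such as ProgramData or AppData, entries where ComboFix recorded no file date or size (`[X]`), and a configured non-loopback proxy. The sample log is constructed in ComboFix's format from the kind of entries shown in the thread; the flags are triage hints to check, not verdicts.

```python
"""Triage the Run-key section and proxy line of a ComboFix-style log.

Example code for this thread, not part of ComboFix. It never touches the
registry; it only reads log text.
"""
import re
from typing import NamedTuple

# Constructed sample in the ComboFix log layout (section header, value lines,
# '.' separators, supplementary-scan lines). Entries are illustrative.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2013-05-18 168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-20 11895400]
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 10.99.28.5:1080
'''

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1"}
CONSOLE_EXTS = {".bat", ".cmd"}  # interpreted by cmd.exe, which shows a console window
# Folder markers that ordinary installed software rarely launches from.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\", "\\temp\\")

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]\s*$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# First token up to a known file extension; the rest of the command is arguments.
PATH_RE = re.compile(
    r"^(.*?\.(?:exe|bat|cmd|vbs|vbe|js|jse|wsf|ps1|dll|scr|com|pif))(?=\s|$)",
    re.IGNORECASE,
)
PROXY_RE = re.compile(
    r"^\s*[um]Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.+?)\s*$", re.MULTILINE
)


class RunEntry(NamedTuple):
    key: str      # registry key the value lives under
    name: str     # value name
    command: str  # command line as logged
    meta: str     # "[...]" contents: "date size" or "X"


def parse_run_entries(log_text):
    """Collect value lines that sit under a ...\\CurrentVersion\\Run header."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = RUN_KEY_RE.match(line)
            current = m.group(1) if m else None  # any other header ends the section
            continue
        m = VALUE_RE.match(line) if current else None
        if m:
            entries.append(RunEntry(current, m["name"], m["cmd"], m["meta"]))
    return entries


def image_path(command):
    """Return the launched file, dropping trailing arguments when an extension is visible."""
    m = PATH_RE.match(command)
    return m.group(1) if m else command


def flags_for(entry):
    """Reasons a helper would want to look at this entry; empty list means nothing notable."""
    path = image_path(entry.command)
    ext = path[path.rfind("."):].lower() if "." in path else ""
    reasons = []
    if ext in CONSOLE_EXTS:
        reasons.append("batch file in a Run key: cmd.exe opens a console window at logon")
    elif ext in SCRIPT_EXTS:
        reasons.append(f"script ({ext}) in a Run key rather than an installed executable")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append("started from a user-writable folder, not Program Files")
    if entry.meta.strip().upper() == "X":
        reasons.append("no file date/size recorded ([X]): confirm the file exists on disk")
    return reasons


def triage(log_text):
    """Map each flagged Run value name to its reasons."""
    return {e.name: r for e in parse_run_entries(log_text) if (r := flags_for(e))}


def proxy_settings(log_text):
    return {m.group(1): m.group(2) for m in PROXY_RE.finditer(log_text)}


def proxy_findings(log_text):
    server = proxy_settings(log_text).get("ProxyServer")
    if not server:
        return []
    host = server.rsplit(":", 1)[0]
    if host in ("127.0.0.1", "localhost", "::1"):
        return [f"proxy points at loopback ({server}): find the local process listening there"]
    return [f"browser traffic is routed through {server}; confirm this proxy was configured on purpose"]


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
    for finding in proxy_findings(SAMPLE_LOG):
        print("proxy:", finding)
```

Feed it a real ComboFix.txt with `triage(open("C:/ComboFix.txt").read())`. A flagged entry is a place to look, not a conviction: vendors do ship launchers in ProgramData, and a corporate or VPN client can legitimately set a proxy, so each hit still needs the file and the publisher checked.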
ComboFix 13-08-07.01 - john 08/08/2013  13:12:09.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4077.2927 [GMT 1:00]

Running from: c:\users\john\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-08 to 2013-08-08  )))))))))))))))))))))))))))))))

.

.

2013-08-08 12:16 . 2013-08-08 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-07 00:48 . 2013-08-07 00:48 -------- d-----w- c:\windows\SysWow64\syncdb

2013-07-19 19:46 . 2013-07-19 19:46 -------- d-----w- c:\users\john\AppData\Local\Chromium

2013-07-19 19:42 . 2013-07-19 19:42 -------- d-----w- c:\users\john\AppData\Local\The Lord of the Rings Online

2013-07-19 19:38 . 2013-07-25 07:54 -------- d-----w- c:\users\john\AppData\Local\Turbine

2013-07-19 19:35 . 2013-07-19 19:32 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2013-07-19 19:35 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll

2013-07-19 19:34 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll

2013-07-19 19:34 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll

2013-07-19 19:30 . 2013-07-19 19:30 -------- d-----w- c:\programdata\Turbine

2013-07-19 19:30 . 2013-08-08 10:03 -------- d-----w- c:\programdata\HappyCloud

2013-07-19 18:52 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2013-07-19 18:52 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2013-07-19 18:52 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2013-07-19 18:52 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-07-19 18:52 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2013-07-19 18:52 . 2013-07-19 18:58 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2013-07-19 18:50 . 2013-07-19 18:57 -------- d-----w- c:\users\john\AppData\Local\PMB Files

2013-07-19 18:50 . 2013-07-19 18:57 -------- d-----w- c:\programdata\PMB Files

2013-07-19 18:50 . 2013-07-19 18:50 -------- d-----w- c:\program files (x86)\Pando Networks

2013-07-19 18:48 . 2013-07-19 18:50 -------- d-----w- c:\users\john\AppData\Roaming\Riot Games

2013-07-11 19:42 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll

2013-07-11 19:42 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll

2013-07-11 11:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-07-11 11:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-11 19:46 . 2012-11-28 11:34 78185248 ----a-w- c:\windows\system32\MRT.exe

2013-07-04 19:43 . 2013-07-04 19:43 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-07-04 19:43 . 2013-07-04 19:43 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-07-04 19:43 . 2013-07-04 19:43 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-07-04 19:43 . 2013-07-04 19:43 81408 ----a-w- c:\windows\system32\icardie.dll

2013-07-04 19:43 . 2013-07-04 19:43 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-07-04 19:43 . 2013-07-04 19:43 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-07-04 19:43 . 2013-07-04 19:43 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-07-04 19:43 . 2013-07-04 19:43 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-07-04 19:43 . 2013-07-04 19:43 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-07-04 19:43 . 2013-07-04 19:43 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-07-04 19:43 . 2013-07-04 19:43 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-07-04 19:43 . 2013-07-04 19:43 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-07-04 19:43 . 2013-07-04 19:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-07-04 19:43 . 2013-07-04 19:43 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-07-04 19:43 . 2013-07-04 19:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-07-04 19:43 . 2013-07-04 19:43 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-07-04 19:43 . 2013-07-04 19:43 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-07-04 19:43 . 2013-07-04 19:43 441856 ----a-w- c:\windows\system32\html.iec

2013-07-04 19:43 . 2013-07-04 19:43 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-07-04 19:43 . 2013-07-04 19:43 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-07-04 19:43 . 2013-07-04 19:43 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-07-04 19:43 . 2013-07-04 19:43 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-04 19:43 . 2013-07-04 19:43 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-07-04 19:43 . 2013-07-04 19:43 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-07-04 19:43 . 2013-07-04 19:43 235008 ----a-w- c:\windows\system32\url.dll

2013-07-04 19:43 . 2013-07-04 19:43 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-07-04 19:43 . 2013-07-04 19:43 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-07-04 19:43 . 2013-07-04 19:43 216064 ----a-w- c:\windows\system32\msls31.dll

2013-07-04 19:43 . 2013-07-04 19:43 197120 ----a-w- c:\windows\system32\msrating.dll

2013-07-04 19:43 . 2013-07-04 19:43 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-07-04 19:43 . 2013-07-04 19:43 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-04 19:43 . 2013-07-04 19:43 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-07-04 19:43 . 2013-07-04 19:43 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-07-04 19:43 . 2013-07-04 19:43 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-04 19:43 . 2013-07-04 19:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-07-04 19:43 . 2013-07-04 19:43 149504 ----a-w- c:\windows\system32\occache.dll

2013-07-04 19:43 . 2013-07-04 19:43 144896 ----a-w- c:\windows\system32\wextract.exe

2013-07-04 19:43 . 2013-07-04 19:43 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-07-04 19:43 . 2013-07-04 19:43 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-07-04 19:43 . 2013-07-04 19:43 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-07-04 19:43 . 2013-07-04 19:43 13824 ----a-w- c:\windows\system32\mshta.exe

2013-07-04 19:43 . 2013-07-04 19:43 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-07-04 19:43 . 2013-07-04 19:43 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-07-04 19:43 . 2013-07-04 19:43 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-07-04 19:43 . 2013-07-04 19:43 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-07-04 19:43 . 2013-07-04 19:43 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-07-04 19:43 . 2013-07-04 19:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-07-04 19:43 . 2013-07-04 19:43 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-07-04 19:43 . 2013-07-04 19:43 102912 ----a-w- c:\windows\system32\inseng.dll

2013-07-04 19:41 . 2013-07-04 19:41 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-07-04 19:41 . 2013-07-04 19:41 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-07-04 19:41 . 2013-07-04 19:41 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-07-04 19:41 . 2013-07-04 19:41 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-07-04 19:41 . 2013-07-04 19:41 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-07-04 19:41 . 2013-07-04 19:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-07-04 19:41 . 2013-07-04 19:41 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-07-04 19:41 . 2013-07-04 19:41 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-07-04 19:41 . 2013-07-04 19:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-07-04 19:41 . 2013-07-04 19:41 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-07-04 19:41 . 2013-07-04 19:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-07-04 19:41 . 2013-07-04 19:41 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-07-04 19:41 . 2013-07-04 19:41 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-07-04 19:41 . 2013-07-04 19:41 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-07-04 19:41 . 2013-07-04 19:41 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-07-04 19:41 . 2013-07-04 19:41 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-07-04 19:41 . 2013-07-04 19:41 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-07-04 19:41 . 2013-07-04 19:41 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-07-04 19:41 . 2013-07-04 19:41 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-07-04 19:41 . 2013-07-04 19:41 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-07-04 19:41 . 2013-07-04 19:41 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-07-04 19:41 . 2013-07-04 19:41 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-07-04 19:41 . 2013-07-04 19:41 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-07-04 19:41 . 2013-07-04 19:41 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-07-04 19:41 . 2013-07-04 19:41 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-07-04 19:41 . 2013-07-04 19:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-07-04 19:41 . 2013-07-04 19:41 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-07-04 19:41 . 2013-07-04 19:41 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-07-04 19:41 . 2013-07-04 19:41 1238528 ----a-w- c:\windows\system32\d3d10.dll

2013-07-04 19:41 . 2013-07-04 19:41 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-07-04 19:41 . 2013-07-04 19:41 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-07-04 19:41 . 2013-07-04 19:41 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-07-04 19:41 . 2013-07-04 19:41 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-07-04 19:41 . 2013-07-04 19:41 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

2013-02-11 10:47 87464 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2013-02-11 87464]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-05-31 2801288]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]

"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2013-05-18 168]

"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 TCE CAD Service;TCE CAD Service;c:\program files (x86)\John Lewis Rolling Demo Screensaver\CAD Service\cadservice.exe;c:\program files (x86)\John Lewis Rolling Demo Screensaver\CAD Service\cadservice.exe [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsnxc64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - FXLDYPOC

*Deregistered* - fxldypoc

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-06 14:56]

.

2013-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1692657155-618692565-2360175129-1000Core.job

- c:\users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02 17:44]

.

2013-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1692657155-618692565-2360175129-1000UA.job

- c:\users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02 17:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-20 11895400]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-20 2226280]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-07-05 947360]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-07-05 797344]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = 10.99.28.5:1080

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Audio Converter - c:\program files (x86)\AudioConverter\Uninstall\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-08  13:18:24

ComboFix-quarantined-files.txt  2013-08-08 12:18

.

Pre-Run: 433,307,590,656 bytes free

Post-Run: 432,975,392,768 bytes free

.

- - End Of File - - E8BB25E0E39FE2A527AD6F52D44AA372

D41D8CD98F00B204E9800998ECF8427E

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore, please go to Add/Remove Programs in the Control Panel and remove either avast or Ad-Aware.


Combofix scripting

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Full System Scan with Malwarebytes Antimalware


  • If not already installed, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Scan with RogueKiller

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Report" and copy/paste the content of the Notepad window into your next reply.
  • You'll also find the log as RKreport[1].txt on your desktop.
  • Exit/Close RogueKiller.

CFScript.txt

ComboFix 13-08-07.01 - john 08/08/2013  16:26:55.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4077.2652 [GMT 1:00]

Running from: c:\users\john\Desktop\ComboFix.exe

Command switches used :: c:\users\john\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Search Protection

c:\programdata\Search Protection\SearchProtection.exe

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-08 to 2013-08-08  )))))))))))))))))))))))))))))))

.

.

2013-08-08 15:38 . 2013-08-08 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-08 14:08 . 2013-08-08 14:08 105 ----a-w- C:\prefs.js

2013-08-07 00:48 . 2013-08-07 00:48 -------- d-----w- c:\windows\SysWow64\syncdb

2013-07-19 19:46 . 2013-07-19 19:46 -------- d-----w- c:\users\john\AppData\Local\Chromium

2013-07-19 19:42 . 2013-07-19 19:42 -------- d-----w- c:\users\john\AppData\Local\The Lord of the Rings Online

2013-07-19 19:38 . 2013-07-25 07:54 -------- d-----w- c:\users\john\AppData\Local\Turbine

2013-07-19 19:35 . 2013-07-19 19:32 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2013-07-19 19:35 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll

2013-07-19 19:34 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll

2013-07-19 19:34 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll

2013-07-19 19:30 . 2013-07-19 19:30 -------- d-----w- c:\programdata\Turbine

2013-07-19 19:30 . 2013-08-08 10:03 -------- d-----w- c:\programdata\HappyCloud

2013-07-19 18:52 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2013-07-19 18:52 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2013-07-19 18:52 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2013-07-19 18:52 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-07-19 18:52 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2013-07-19 18:52 . 2013-07-19 18:58 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2013-07-19 18:50 . 2013-07-19 18:50 -------- d-----w- c:\program files (x86)\Pando Networks

2013-07-19 18:48 . 2013-07-19 18:50 -------- d-----w- c:\users\john\AppData\Roaming\Riot Games

2013-07-11 19:42 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll

2013-07-11 19:42 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll

2013-07-11 11:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-07-11 11:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-11 19:46 . 2012-11-28 11:34 78185248 ----a-w- c:\windows\system32\MRT.exe

2013-07-04 19:43 . 2013-07-04 19:43 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-07-04 19:43 . 2013-07-04 19:43 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-07-04 19:43 . 2013-07-04 19:43 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-07-04 19:43 . 2013-07-04 19:43 81408 ----a-w- c:\windows\system32\icardie.dll

2013-07-04 19:43 . 2013-07-04 19:43 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-07-04 19:43 . 2013-07-04 19:43 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-07-04 19:43 . 2013-07-04 19:43 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-07-04 19:43 . 2013-07-04 19:43 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-07-04 19:43 . 2013-07-04 19:43 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-07-04 19:43 . 2013-07-04 19:43 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-07-04 19:43 . 2013-07-04 19:43 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-07-04 19:43 . 2013-07-04 19:43 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-07-04 19:43 . 2013-07-04 19:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-07-04 19:43 . 2013-07-04 19:43 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-07-04 19:43 . 2013-07-04 19:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-07-04 19:43 . 2013-07-04 19:43 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-07-04 19:43 . 2013-07-04 19:43 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-07-04 19:43 . 2013-07-04 19:43 441856 ----a-w- c:\windows\system32\html.iec

2013-07-04 19:43 . 2013-07-04 19:43 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-07-04 19:43 . 2013-07-04 19:43 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-07-04 19:43 . 2013-07-04 19:43 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-07-04 19:43 . 2013-07-04 19:43 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-04 19:43 . 2013-07-04 19:43 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-07-04 19:43 . 2013-07-04 19:43 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-07-04 19:43 . 2013-07-04 19:43 235008 ----a-w- c:\windows\system32\url.dll

2013-07-04 19:43 . 2013-07-04 19:43 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-07-04 19:43 . 2013-07-04 19:43 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-07-04 19:43 . 2013-07-04 19:43 216064 ----a-w- c:\windows\system32\msls31.dll

2013-07-04 19:43 . 2013-07-04 19:43 197120 ----a-w- c:\windows\system32\msrating.dll

2013-07-04 19:43 . 2013-07-04 19:43 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-07-04 19:43 . 2013-07-04 19:43 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-04 19:43 . 2013-07-04 19:43 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-07-04 19:43 . 2013-07-04 19:43 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-07-04 19:43 . 2013-07-04 19:43 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-04 19:43 . 2013-07-04 19:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-07-04 19:43 . 2013-07-04 19:43 149504 ----a-w- c:\windows\system32\occache.dll

2013-07-04 19:43 . 2013-07-04 19:43 144896 ----a-w- c:\windows\system32\wextract.exe

2013-07-04 19:43 . 2013-07-04 19:43 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-07-04 19:43 . 2013-07-04 19:43 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-07-04 19:43 . 2013-07-04 19:43 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-07-04 19:43 . 2013-07-04 19:43 13824 ----a-w- c:\windows\system32\mshta.exe

2013-07-04 19:43 . 2013-07-04 19:43 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-07-04 19:43 . 2013-07-04 19:43 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-07-04 19:43 . 2013-07-04 19:43 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-07-04 19:43 . 2013-07-04 19:43 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-07-04 19:43 . 2013-07-04 19:43 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-07-04 19:43 . 2013-07-04 19:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-07-04 19:43 . 2013-07-04 19:43 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-07-04 19:43 . 2013-07-04 19:43 102912 ----a-w- c:\windows\system32\inseng.dll

2013-07-04 19:41 . 2013-07-04 19:41 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-07-04 19:41 . 2013-07-04 19:41 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-07-04 19:41 . 2013-07-04 19:41 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-07-04 19:41 . 2013-07-04 19:41 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-07-04 19:41 . 2013-07-04 19:41 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-07-04 19:41 . 2013-07-04 19:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-07-04 19:41 . 2013-07-04 19:41 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-07-04 19:41 . 2013-07-04 19:41 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-07-04 19:41 . 2013-07-04 19:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-07-04 19:41 . 2013-07-04 19:41 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-07-04 19:41 . 2013-07-04 19:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-07-04 19:41 . 2013-07-04 19:41 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-07-04 19:41 . 2013-07-04 19:41 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-07-04 19:41 . 2013-07-04 19:41 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-07-04 19:41 . 2013-07-04 19:41 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-07-04 19:41 . 2013-07-04 19:41 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-07-04 19:41 . 2013-07-04 19:41 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-07-04 19:41 . 2013-07-04 19:41 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-07-04 19:41 . 2013-07-04 19:41 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-07-04 19:41 . 2013-07-04 19:41 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-07-04 19:41 . 2013-07-04 19:41 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-07-04 19:41 . 2013-07-04 19:41 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-07-04 19:41 . 2013-07-04 19:41 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-07-04 19:41 . 2013-07-04 19:41 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-07-04 19:41 . 2013-07-04 19:41 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-07-04 19:41 . 2013-07-04 19:41 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-07-04 19:41 . 2013-07-04 19:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-07-04 19:41 . 2013-07-04 19:41 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-07-04 19:41 . 2013-07-04 19:41 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-07-04 19:41 . 2013-07-04 19:41 1238528 ----a-w- c:\windows\system32\d3d10.dll

2013-07-04 19:41 . 2013-07-04 19:41 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-07-04 19:41 . 2013-07-04 19:41 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-07-04 19:41 . 2013-07-04 19:41 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-07-04 19:41 . 2013-07-04 19:41 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-07-04 19:41 . 2013-07-04 19:41 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 TCE CAD Service;TCE CAD Service;c:\program files (x86)\John Lewis Rolling Demo Screensaver\CAD Service\cadservice.exe;c:\program files (x86)\John Lewis Rolling Demo Screensaver\CAD Service\cadservice.exe [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsnxc64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-06 14:56]

.

2013-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1692657155-618692565-2360175129-1000Core.job

- c:\users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02 17:44]

.

2013-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1692657155-618692565-2360175129-1000UA.job

- c:\users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02 17:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-20 11895400]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-20 2226280]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = 10.99.28.5:1080

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-08  16:43:50

ComboFix-quarantined-files.txt  2013-08-08 15:43

ComboFix2.txt  2013-08-08 12:18

.

Pre-Run: 433,016,406,016 bytes free

Post-Run: 432,619,188,224 bytes free

.

- - End Of File - - B5C42FBA94A80F7EC6699A66B854F40A

D41D8CD98F00B204E9800998ECF8427E
Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.06.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

john :: MINKY [administrator]

 

08/08/2013 16:45:40

mbam-log-2013-08-08 (16-45-40).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 372597

Time elapsed: 54 minute(s), 48 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)
RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : john [Admin rights]

Mode : Scan -- Date : 08/08/2013 17:44:20

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 5 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (10.99.28.5:1080) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 4 ¤¤¤

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1692657155-618692565-2360175129-1000UA.job : C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1692657155-618692565-2360175129-1000Core.job : C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1692657155-618692565-2360175129-1000Core : C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1692657155-618692565-2360175129-1000UA : C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: TOSHIBA MK6459GSXP +++++

--- User ---

[MBR] 7787facc6264d9482dbcad3327942b5c

[bSP] bd2045945600bed6b77eeea1b1e7fff2 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18284 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37447680 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37652480 | Size: 592094 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_08082013_174420.txt >>

 

 

 

OK, last one!


No, just close the tool down. We're not finished yet.

 

 

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


# AdwCleaner v2.306 - Logfile created 08/12/2013 at 08:57:21

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : john - MINKY

# Boot Mode : Normal

# Running from : C:\Users\john\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\END

File Deleted : C:\user.js

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\john\AppData\Local\Conduit

Folder Deleted : C:\Users\john\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\john\AppData\LocalLow\Conduit

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DeviceVM

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

 

[OK] Registry is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s1].txt - [2339 octets] - [12/08/2013 08:57:21]

 

########## EOF - C:\AdwCleaner[s1].txt - [2399 octets] ##########

 Results of screen317's Security Check version 0.99.72  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 25  

 Adobe Flash Player 11.7.700.224  

 Adobe Reader 10.1.7 Adobe Reader out of Date!  

 Google Chrome 28.0.1500.72  

 Google Chrome 28.0.1500.95  

````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 10% 

````````````````````End of Log`````````````````````` 

Then your system is clean! :)

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the current software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click on Start-->Control Panel-->Add/Remove Programs.
  • Search for and remove any older Reader versions.

 

 

 

 


 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software: you can start it again and use the Enable button.
  2. In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.

 

 

 

 

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every piece of software you use often. These links may help you to check:
  • Backups
    There is a chance of an emergency every day, so be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not to click on anything just because it is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software, always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.


All done.

 

Thanks for all your help. Cmd.exe box is gone and comp seems to be running well. We really appreciate your time and the help you give; it is a most admirable service this forum provides.

Once again, you have our gratitude!

 

Dan and Jodie.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.