Tech Support Guy > Virus & Other Malware Removal
Solved: Trojan horse Dropper.Generic_c.MMI

Ieaysu (thread starter, Join Date: Aug 2012)
04-Aug-2012, 03:39 PM #1
Hi, I just registered to this forum in hopes of manually getting rid of this virus my computer recently contracted.

I am dealing with a Trojan horse Dropper.Generic_c.MMI.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:22:33 PM, on 8/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\SysWOW64\RunDll32.exe
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Users\Shirley Li\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109...000026c77ccb53
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (file missing)
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Oasis2Service - Digital Delivery Networks, Inc. - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

--
End of file - 14516 bytes


The DDS log is below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Shirley Li at 15:27:39 on 2012-08-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.1287 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Users\Shirley Li\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109935&tt=010812_rbt_3112_6&babsrc=HP_ss&mntrId=30b2a68d0000000000000026c77ccb53
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\SHIRLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
StartupFolder: C:\Users\SHIRLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\SHIRLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{3FC7F61C-530E-4562-BCCF-8DEDCD2FD82F} : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{3FC7F61C-530E-4562-BCCF-8DEDCD2FD82F}\2456C6D6F6E647055726C69636C4962627162797 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3FC7F61C-530E-4562-BCCF-8DEDCD2FD82F}\7385B47503 : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DhcpNameServer = 10.100.78.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shirley Li\AppData\Roaming\Mozilla\Firefox\Profiles\ee9fcumt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109935&tt=010812_rbt_3112_6&babsrc=HP_ss&mntrId=30b2a68d0000000000000026c77ccb53
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Shirley Li\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Shirley Li\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010812_rbt_3112_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 30b2a68d0000000000000026c77ccb53
FF - user.js: extensions.BabylonToolbar.instlDay - 15555
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.120:13:04
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-7-18 913792]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-22 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-9-22 104960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-22 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-9-22 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2010-9-22 252416]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-22 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 116720]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-21 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-21 67952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-6-14 109064]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-3-10 674400]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-03 00:13:54 -------- d-----w- C:\Users\Shirley Li\AppData\Roaming\FVD Suite
2012-08-03 00:12:55 -------- d-----w- C:\Program Files (x86)\Shop to Win 36
2012-08-03 00:12:47 -------- d-----w- C:\ProgramData\Babylon
2012-08-03 00:12:46 -------- d-----w- C:\Users\Shirley Li\AppData\Roaming\Babylon
2012-08-03 00:12:46 -------- d-----w- C:\Users\Shirley Li\AppData\Local\Wajam
2012-08-03 00:12:45 -------- d-----w- C:\Program Files (x86)\FVD Suite
2012-08-03 00:12:42 -------- d-----w- C:\Program Files (x86)\Wajam
2012-07-27 19:09:42 -------- d-----w- C:\Users\Shirley Li\.emps_cache
2012-07-26 13:15:52 -------- d-----w- C:\Users\Shirley Li\AppData\Roaming\WhatPulse
2012-07-26 13:15:49 -------- d-----w- C:\Program Files (x86)\WhatPulse
2012-07-24 00:43:14 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-24 00:43:14 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-24 00:40:55 24448 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-07-19 22:36:52 -------- d-----w- C:\ProgramData\Nexon
2012-07-19 22:25:37 -------- d-----w- C:\ProgramData\NexonUS
2012-07-19 01:16:24 -------- d-----w- C:\Windows\System32\SPReview
2012-07-19 01:15:24 -------- d-----w- C:\Windows\System32\EventProviders
2012-07-19 01:14:56 -------- d-----w- C:\Users\Shirley Li\AppData\Roaming\Rainmeter
2012-07-19 01:12:34 -------- d-----w- C:\Program Files\Rainmeter
2012-07-18 13:39:24 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-07-18 13:39:23 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-07-18 13:39:16 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-07-18 13:39:09 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-07-18 13:39:09 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2012-07-18 13:39:09 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-07-18 13:39:08 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-07-18 13:39:08 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2012-07-18 13:39:04 3215872 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-07-18 13:39:00 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2012-07-18 13:39:00 1171456 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-07-18 13:37:59 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-07-18 13:36:59 726528 ----a-w- C:\Windows\System32\AuxiliaryDisplayCpl.dll
2012-07-18 13:35:42 25600 ----a-w- C:\Windows\System32\msyuv.dll
2012-07-18 13:33:50 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-07-18 13:33:46 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2012-07-18 13:33:46 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2012-07-18 13:32:55 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2012-07-18 13:32:54 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2012-07-18 13:32:49 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-07-18 13:32:49 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-18 13:32:48 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-07-18 13:28:34 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-07-18 13:28:34 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2012-07-18 13:28:34 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-07-18 13:28:34 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2012-07-18 13:28:28 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2012-07-18 13:28:28 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-07-18 13:28:25 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2012-07-18 13:27:58 422912 ----a-w- C:\Windows\System32\drvstore.dll
2012-07-18 13:27:58 399872 ----a-w- C:\Windows\System32\dpx.dll
2012-07-18 13:27:54 -------- d-----w- C:\ProgramData\IObit
2012-07-18 13:27:24 -------- d-----w- C:\Users\Shirley Li\AppData\Roaming\IObit
2012-07-18 13:27:14 -------- d-----w- C:\Program Files (x86)\IObit
2012-07-18 13:18:13 -------- d-----w- C:\Users\Shirley Li\jagexcache
2012-07-18 02:39:18 -------- d-----w- C:\Windows\SysWow64\BestPractices
2012-07-18 02:39:18 -------- d-----w- C:\Windows\System32\BestPractices
2012-07-18 02:39:17 -------- d-----w- C:\inetpub
2012-07-18 02:06:37 -------- d-----w- C:\Users\Shirley Li\Roaming
2012-07-18 02:06:36 -------- d-----w- C:\ProgramData\Roaming
2012-07-18 02:04:27 -------- d-----w- C:\Program Files (x86)\Cisco
2012-07-12 07:08:14 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-02 23:25:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 23:25:28 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-19 01:31:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-07-19 01:31:49 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 15:30:01.50 ===============


Some more information to add on..

I use AVG for AV detection and I just keep getting these pop-ups saying that I have another one of the same virus, so as of now I have 5 detections of the Trojan horse Dropper.Generic_c.MMI.

PLEASE HELP, I'M BEGGING YOU!

Oh..another thing I wasn't exactly sure of what step 4 was (4. Copy and paste the contents of the ark.txt file.)

So I didn't post that, uhm if you could inform me of what that is, I will do it immediately!

As for now I think I will shut off my computer so the virus does not multiply.

Thanks!
Ieaysu (Member with 23 posts, THREAD STARTER, Join Date: Aug 2012)
07-Aug-2012, 05:28 AM #2
Bump, please help me I haven't turned on my computer in 3 days to wait for a response.

PLEASE HELP I'M BEGGING YOU PLEASE!
kevinf80 (Kevin), authorized to help remove malware (Malware Removal Specialist with 9,200 posts, Join Date: Mar 2006, Location: Sunderland UK, Experience: Intermediate)
07-Aug-2012, 05:38 AM #3
Do the following:

Step 1

Download Farbar Recovery Scan Toolx64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Step 2

Boot to System Recovery Options and run FRST as you did to get the log.

Type the following in the edit box after "Search:".

services.exe

It then should look like:



Click Search button and post the log (Search.txt) it makes to your reply.

Post those two logs..

Kevin
Ieaysu (Member with 23 posts, THREAD STARTER, Join Date: Aug 2012)
07-Aug-2012, 11:54 AM #4
Hi Kevin!

Is there any way of doing this without a flash drive :\? I don't happen to have one at the moment.

Also I was just curious: would cases dealing with the c.MMI virus all be the same, or are they different from one another to a certain extent?

Thanks!
kevinf80 (Kevin), authorized to help remove malware (Malware Removal Specialist with 9,200 posts, Join Date: Mar 2006, Location: Sunderland UK, Experience: Intermediate)
07-Aug-2012, 01:48 PM #5
There are different ways to kill off this infection; I prefer using FRST as it is done via the Recovery Environment. If you have no flash drive, do the following:

Close all windows. Select > start icon > all programs > accessories > right click on "command prompt" > select > Run as administrator > OK any alerts > at the command prompt type or copy and paste sfc /scannow > then tap Enter. When finished, type exit, tap Enter, and re-boot your PC.

***Note the space between sfc and /scannow.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

Post the log in next reply please...

Kevin
Ieaysu (Member with 23 posts, THREAD STARTER, Join Date: Aug 2012)
07-Aug-2012, 05:52 PM #6
Hi Kevin!

I have done exactly as you have said, disabling all my anti-virus programs and then running Combofix, which has just finished scanning!

Here is my log.txt:

ComboFix 12-08-07.03 - Shirley Li 08/07/2012 17:36:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.2289 [GMT -4:00]
Running from: c:\users\Shirley Li\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Shirley Li\AppData\Local\assembly\tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 21:46 . 2012-08-07 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 21:46 . 2012-08-07 21:46 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2012-08-07 16:21 . 2012-08-07 16:21 -------- d-----w- C:\FRST
2012-08-03 00:13 . 2012-08-03 00:13 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\FVD Suite
2012-08-03 00:13 . 2012-08-03 00:13 315 ----a-w- C:\user.js
2012-08-03 00:12 . 2012-08-04 19:42 -------- d-----w- c:\program files (x86)\Shop to Win 36
2012-08-03 00:12 . 2012-08-03 00:12 -------- d-----w- c:\programdata\Babylon
2012-08-03 00:12 . 2012-08-03 00:12 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\Babylon
2012-08-03 00:12 . 2012-08-03 00:12 -------- d-----w- c:\users\Shirley Li\AppData\Local\Wajam
2012-08-03 00:12 . 2012-08-04 19:42 -------- d-----w- c:\program files (x86)\FVD Suite
2012-08-03 00:12 . 2012-08-04 19:42 -------- d-----w- c:\program files (x86)\Wajam
2012-07-27 19:09 . 2012-07-29 12:27 -------- d-----w- c:\users\Shirley Li\.emps_cache
2012-07-26 13:15 . 2012-07-26 13:21 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\WhatPulse
2012-07-26 13:15 . 2012-07-26 13:15 -------- d-----w- c:\program files (x86)\WhatPulse
2012-07-24 00:43 . 2012-07-24 00:43 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-24 00:43 . 2012-07-24 00:43 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-24 00:40 . 2012-05-24 14:47 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-19 22:36 . 2012-07-19 22:36 -------- d-----w- c:\programdata\Nexon
2012-07-19 01:16 . 2012-08-04 19:40 -------- d-----w- c:\windows\system32\SPReview
2012-07-19 01:15 . 2012-08-04 19:39 -------- d-----w- c:\windows\system32\EventProviders
2012-07-19 01:14 . 2012-08-04 19:42 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\Rainmeter
2012-07-19 01:12 . 2012-08-04 19:42 -------- d-----w- c:\program files\Rainmeter
2012-07-18 13:39 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-18 13:39 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-07-18 13:39 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-07-18 13:39 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-07-18 13:39 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2012-07-18 13:39 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-07-18 13:39 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-07-18 13:39 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-18 13:39 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-07-18 13:39 . 2010-11-20 12:19 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2012-07-18 13:39 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-07-18 13:37 . 2010-11-20 13:27 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-07-18 13:36 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-07-18 13:35 . 2010-11-20 13:27 25600 ----a-w- c:\windows\system32\msyuv.dll
2012-07-18 13:34 . 2010-11-20 13:27 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2012-07-18 13:33 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-07-18 13:33 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-07-18 13:33 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2012-07-18 13:32 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2012-07-18 13:32 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2012-07-18 13:32 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-07-18 13:32 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-18 13:32 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-07-18 13:28 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-07-18 13:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-18 13:28 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-07-18 13:28 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-07-18 13:28 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-07-18 13:28 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2012-07-18 13:28 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2012-07-18 13:27 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2012-07-18 13:27 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-07-18 13:27 . 2012-08-04 19:38 -------- d-----w- c:\programdata\IObit
2012-07-18 13:27 . 2012-08-04 19:39 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\IObit
2012-07-18 13:27 . 2012-08-04 19:38 -------- d-----w- c:\program files (x86)\IObit
2012-07-18 13:18 . 2012-08-04 19:39 -------- d-----w- c:\users\Shirley Li\jagexcache
2012-07-18 02:39 . 2012-08-04 19:39 -------- d-----w- c:\windows\system32\BestPractices
2012-07-18 02:39 . 2012-07-18 02:39 -------- d-----w- c:\windows\SysWow64\BestPractices
2012-07-18 02:39 . 2012-08-04 19:37 -------- d-----w- C:\inetpub
2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Shirley Li\Roaming
2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Public\Roaming
2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Default\Roaming
2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\boinc_master\Roaming
2012-07-18 02:06 . 2012-08-04 19:38 -------- d-----w- c:\programdata\Intel
2012-07-18 02:04 . 2012-08-04 19:38 -------- d-----w- c:\program files (x86)\Cisco
2012-07-12 07:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 23:25 . 2012-04-10 17:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 23:25 . 2011-06-12 02:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-19 01:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-19 01:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-12 07:03 . 2011-04-15 14:36 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2011-03-29 13:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-02 22:19 . 2012-06-21 13:52 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 13:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 13:53 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 13:53 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 13:52 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 13:53 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 13:52 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 13:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 13:52 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-13 19:29 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 19:28 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 19:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Shirley Li\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 41160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 116720]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-28 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-28 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-05-01 317440]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:25]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 15:08]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 15:08]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1832576997-1850227395-2609180072-1006Core.job
- c:\users\Shirley Li\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 07:32]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1832576997-1850227395-2609180072-1006UA.job
- c:\users\Shirley Li\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 07:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-01 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-01 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-01 417560]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=109935&tt=010812_rbt_3112_6&babsrc=HP_ss&mntrId=30b2a68d0000000000000026c77ccb53
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
FF - ProfilePath - c:\users\Shirley Li\AppData\Roaming\Mozilla\Firefox\Profiles\ee9fcumt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010812_rbt_3112_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 30b2a68d0000000000000026c77ccb53
FF - user.js: extensions.BabylonToolbar.instlDay - 15555
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.120:13
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-CCTVPlayer - c:\users\Shirley Li\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJO9GOBR\CNTVPlayer101209a[1].exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-07 17:49:37
ComboFix-quarantined-files.txt 2012-08-07 21:49
.
Pre-Run: 370,838,114,304 bytes free
Post-Run: 370,598,236,160 bytes free
.
- - End Of File - - 84165DCE052A93E927783154234A9705

Thanks!

EDIT: I am going to turn my computer off and check in a couple of hours, thanks again Kevin. Also, is this something one should typically do after running ComboFix? Or should I just await further instruction?

Last edited by Ieaysu; 07-Aug-2012 at 06:11 PM..
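Before Kevin's reply, a note on what is actually worth pulling out of a ComboFix log like the one above. The interesting lines are scattered: services whose image file ComboFix could not find (it prints [x] in place of the date and size, as for npggsvc, xsherlock, vtany and EagleX64), the policies\system values that show UAC is switched off entirely (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), and the Babylon/Wajam search-hijack leftovers in the start page and Firefox user.js prefs. The script below is an added example, not ComboFix's own code and not something posted in this thread; it parses those line formats and groups the findings. The PUP_MARKERS keyword list and the UAC interpretations are my assumptions for the example, and the SAMPLE_LOG is a constructed fragment modelled on the log above.

```python
"""Triage a ComboFix-style log: services with a missing image file, UAC policy
values that disable elevation prompting, and search-hijack leftovers.
Added example; not ComboFix's own code. SAMPLE_LOG is constructed, modelled on
the log posted in this thread."""
import re
from dataclasses import dataclass

# Illustrative search-hijacker / PUP vendor keywords (an assumption for this
# example, not an authoritative feed).
PUP_MARKERS = ("babylon", "wajam")

# policies\system values that weaken UAC: name -> (value that weakens it, why it matters)
UAC_WEAK = {
    "EnableLUA": (0, "UAC disabled: admin logon tokens are never filtered"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "prompts, if any, are drawn on the user desktop and can be spoofed"),
}

SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(x|[^\]]+)\]\s*$")
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s+\(0x[0-9A-Fa-f]+\)\s*$')
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
START_RE = re.compile(r"^([um])Start Page = (\S+)$")
FF_RE = re.compile(r"^FF - (user|prefs)\.js: (\S+) - ?(.*)$")

SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
uStart Page = hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: extensions.BabylonToolbar.id - 30b2a68d0000000000000026c77ccb53
"""


@dataclass(frozen=True)
class Finding:
    category: str   # "service-missing", "pup-service", "uac" or "hijack"
    item: str
    detail: str


def triage(log_text):
    """Walk the log line by line and collect findings."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                       # remember which registry key we are under
            current_key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, _num, name, _desc, image, stamp = m.groups()
            if stamp == "x":        # ComboFix could not find the image on disk
                findings.append(Finding("service-missing", name, f"image not found: {image}"))
            if any(k in image.lower() for k in PUP_MARKERS):
                findings.append(Finding("pup-service", name, image))
            continue
        if current_key.endswith(r"\policies\system"):
            m = POLICY_RE.match(line)
            if m:
                value, number = m.group(1), int(m.group(2))
                if value in UAC_WEAK and number == UAC_WEAK[value][0]:
                    findings.append(Finding("uac", value, UAC_WEAK[value][1]))
                continue
        m = START_RE.match(line)
        if m:
            url = m.group(2)
            if any(k in url.lower() for k in PUP_MARKERS):
                findings.append(Finding("hijack", m.group(1) + "Start Page", url))
            continue
        m = FF_RE.match(line)
        if m and m.group(1) == "user":   # user.js overrides are the toolbar's doing
            pref = m.group(2)
            if any(k in pref.lower() for k in PUP_MARKERS):
                findings.append(Finding("hijack", pref, m.group(3)))
    return findings


def by_category(findings):
    """Group findings so the report reads like the log sections do."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.category, []).append(f)
    return grouped


if __name__ == "__main__":
    for category, items in by_category(triage(SAMPLE_LOG)).items():
        print(category)
        for f in items:
            print(f"  {f.item}: {f.detail}")
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents. Note that [x] on a driver or service only means the file is gone; the orphaned service entry is still a loading point and is what a fix script would target.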
kevinf80 (Kevin), Malware Removal Specialist with 9,200 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
07-Aug-2012, 06:14 PM #7
Just wait, I'll post very shortly.
kevinf80 (Kevin)
07-Aug-2012, 06:24 PM #8
I do not see any sign of the infection you mention... OK, continue as follows:

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
ClearJavaCache::
File::
Folder::

c:\programdata\Babylon
c:\users\Shirley Li\AppData\Roaming\Babylon

c:\programdata\IObit
c:\users\Shirley Li\AppData\Roaming\IObit

c:\program files (x86)\IObit
c:\program files (x86)\Wajam
c:\users\Shirley Li\AppData\Local\Wajam
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"=-
DDS::
uStart Page = hxxp://search.babylon.com/?affID=109935&tt=010812_rbt_3112_6&babsrc=HP_ss&mntrId=30b2a68d000000000000 0026c77ccb53
FireFox::
FF - ProfilePath - c:\users\Shirley Li\AppData\Roaming\Mozilla\Firefox\Profiles\ee9fcumt.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010812_rbt_3112_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 30b2a68d0000000000000026c77ccb53
FF - user.js: extensions.BabylonToolbar.instlDay - 15555
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.120:13
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Ensure remove found threats is checked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Post those two logs...

Kevin
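Once the CFScript run finishes, the ComboFix.txt it produces lists what was actually removed under "Other Deletions", and it is worth checking that against what the script asked for rather than assuming every Folder:: and File:: entry went. The script below is an added example (not ComboFix's tooling, and not posted by anyone in this thread): it parses the "Name::" directive sections of a CFScript, pulls the deleted paths out of the log, and reports which requested paths were removed. The SAMPLE_CFSCRIPT and SAMPLE_LOG strings are constructed fragments modelled on this thread; in particular the Roaming\Babylon folder is deliberately left out of the sample deletions to show a miss.

```python
"""Check a CFScript's Folder::/File:: requests against the 'Other Deletions'
section of the ComboFix log from that run.
Added example; not ComboFix's own code. Both sample strings are constructed,
modelled on this thread."""
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")          # e.g. Folder::
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")       # ((( Other Deletions )))

SAMPLE_CFSCRIPT = r"""KillAll::
ClearJavaCache::
File::
Folder::

c:\programdata\Babylon
c:\users\Shirley Li\AppData\Roaming\Babylon

c:\program files (x86)\IObit
c:\program files (x86)\Wajam
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"=-
DDS::
uStart Page = hxxp://search.babylon.com/?affID=109935
"""

SAMPLE_LOG = r"""ComboFix 12-08-07.03 - Shirley Li 08/07/2012 18:43:31.2.4 - x64
Command switches used :: c:\users\Shirley Li\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\IObit
c:\program files (x86)\IObit\Advanced SystemCare 5\ASC.exe
c:\program files (x86)\Wajam
c:\programdata\Babylon
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
"""


def parse_cfscript(text):
    """Map each 'Name::' directive to the non-blank lines listed under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def deletions_from_log(text):
    """Paths listed between the 'Other Deletions' banner and the next banner."""
    deleted, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            inside = m.group(1).lower() == "other deletions"
            continue
        if inside and line and line != ".":
            deleted.append(line)
    return deleted


def verify(cfscript_text, log_text):
    """Split the script's Folder::/File:: targets into deleted / not deleted.

    A folder counts as deleted if the log lists it or anything beneath it
    (ComboFix lists the folder and then each file inside it)."""
    sections = parse_cfscript(cfscript_text)
    targets = sections.get("Folder", []) + sections.get("File", [])
    deleted = [p.lower() for p in deletions_from_log(log_text)]
    result = {"deleted": [], "not_deleted": []}
    for path in targets:
        p = path.lower()
        hit = any(d == p or d.startswith(p + "\\") for d in deleted)
        result["deleted" if hit else "not_deleted"].append(path)
    return result


if __name__ == "__main__":
    outcome = verify(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    for label in ("deleted", "not_deleted"):
        print(label)
        for path in outcome[label]:
            print("  " + path)
```

Anything under not_deleted is either a folder that did not exist when ComboFix ran or one it could not remove; either way it needs a second look before the thread is marked solved.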
Ieaysu (THREAD STARTER)
07-Aug-2012, 06:34 PM #9
Hey Kevin, saw your post whilst browsing on my phone.

Anyways: here is what I get when I open up AVG right now (it is disabled)

I click on history>resident shield protection

and I get this ugly mess of stuff
So..yeah I think I'll proceed with what you said, thanks!
Ieaysu (THREAD STARTER)
07-Aug-2012, 09:54 PM #10
Hey Kevin, sorry for the double post, just came back to check on my laptop to find out whether or not my scans were completed, and believe it or not... they are done!!!

Here is my log for ComboFix from the code pasted from the codebox in your previous post

ComboFix 12-08-07.03 - Shirley Li 08/07/2012 18:43:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.2087 [GMT -4:00]
Running from: c:\users\Shirley Li\Desktop\ComboFix.exe
Command switches used :: c:\users\Shirley Li\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IObit
c:\program files (x86)\IObit\Advanced SystemCare 5\About.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\ActiveBoost.db
c:\program files (x86)\IObit\Advanced SystemCare 5\ASC.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCInit.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCInit.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-23.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-24.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-25.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-26.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-27.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-28.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-29.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-30.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-31.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-01.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-02.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-03.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-04.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-06.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-07.log
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTooltips.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCUpgrade.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCv5ComputerMenu.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCv5ComputerMenu_64.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu_64.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\AutoCare.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\AutoSweep.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\AutoUpdate.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-07-19 07-48-04
c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-07-19 11-11-55
c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-02 20-44-49
c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-04 10-26-55
c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-04 12-24-53
c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-07 16-31-14
c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-07 16-52-29
c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-07 17-20-36
c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\path.ini
c:\program files (x86)\IObit\Advanced SystemCare 5\BootTimeLog\Defrag2012-08-02(20-39-55).log
c:\program files (x86)\IObit\Advanced SystemCare 5\checkinfo.txt
c:\program files (x86)\IObit\Advanced SystemCare 5\Cus.dbd
c:\program files (x86)\IObit\Advanced SystemCare 5\cxLibraryD12.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\datastate.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\Def.dbd
c:\program files (x86)\IObit\Advanced SystemCare 5\DelayLoad.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\diskhelper.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\DiskMap.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\DiskScan.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\DriverData.db
c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\win7_amd64\RegistryDefragBootTime.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\win7_x86\RegistryDefragBootTime.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wlh_amd64\RegistryDefragBootTime.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wlh_x86\RegistryDefragBootTime.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wnet_amd64\RegistryDefragBootTime.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wnet_x86\RegistryDefragBootTime.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wxp_amd64\RegistryDefragBootTime.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wxp_x86\RegistryDefragBootTime.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\dxBarD12.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\dxComnD12.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\dxCoreD12.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\dxDockingD12.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\dxGDIPlusD12.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\dxhelper.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\dxSkinOffice2007BlueD12.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\dxSkinsCoreD12.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\dxThemeD12.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\EULA.rtf
c:\program files (x86)\IObit\Advanced SystemCare 5\Ext.dbd
c:\program files (x86)\IObit\Advanced SystemCare 5\fav.ico
c:\program files (x86)\IObit\Advanced SystemCare 5\FfSweep.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\help.html
c:\program files (x86)\IObit\Advanced SystemCare 5\ignore.dbd
c:\program files (x86)\IObit\Advanced SystemCare 5\Images\dcScreen.png
c:\program files (x86)\IObit\Advanced SystemCare 5\Images\dcScreen2.png
c:\program files (x86)\IObit\Advanced SystemCare 5\Images\icon-dc.png
c:\program files (x86)\IObit\Advanced SystemCare 5\Images\icon-qc.png
c:\program files (x86)\IObit\Advanced SystemCare 5\Images\icon-tb.png
c:\program files (x86)\IObit\Advanced SystemCare 5\Images\icon-tbox.png
c:\program files (x86)\IObit\Advanced SystemCare 5\Images\main.png
c:\program files (x86)\IObit\Advanced SystemCare 5\Images\mainPro.png
c:\program files (x86)\IObit\Advanced SystemCare 5\Images\toolboxscreen.png
c:\program files (x86)\IObit\Advanced SystemCare 5\Images\turboboost.png
c:\program files (x86)\IObit\Advanced SystemCare 5\IObitLogon.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Arabic.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Belarusian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Bulgarian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\ChineseSimp.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\ChineseTrad.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Czech.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Danish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Dutch.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\English.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Finnish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\French.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\German.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Greek.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Hungarian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Italian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\japanese.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Korean.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Polish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Portuguese(PT-BR).lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Portuguese(PT-PT).lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Romanian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Russian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Serbian (cyrillic).lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Serbian (latin).lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Slovenian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Spanish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Swedish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Turkish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Vietnamese.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\LatestNews\imagenews.png
c:\program files (x86)\IObit\Advanced SystemCare 5\LatestNews\LatestNews.ini
c:\program files (x86)\IObit\Advanced SystemCare 5\LicenseConverter.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\NtfsData.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\OFCommon.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\OFCommon3.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\PerformUpdate.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\PMonitor.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Promote.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Reg.dbd
c:\program files (x86)\IObit\Advanced SystemCare 5\Register.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Reminder.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Report.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\RescueCenter.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Restore.dbd
c:\program files (x86)\IObit\Advanced SystemCare 5\rtl120.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\Scan.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2709981.cab
c:\program files (x86)\IObit\Advanced SystemCare 5\SecurityHoleScan.log
c:\program files (x86)\IObit\Advanced SystemCare 5\sh.dat
c:\program files (x86)\IObit\Advanced SystemCare 5\skin\black.rcc
c:\program files (x86)\IObit\Advanced SystemCare 5\skin\classic.rcc
c:\program files (x86)\IObit\Advanced SystemCare 5\skin\cute.rcc
c:\program files (x86)\IObit\Advanced SystemCare 5\skin\metal.rcc
c:\program files (x86)\IObit\Advanced SystemCare 5\skin\public.rcc
c:\program files (x86)\IObit\Advanced SystemCare 5\skin\white.rcc
c:\program files (x86)\IObit\Advanced SystemCare 5\sqlite3.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\Suc10_RegistryCleaner.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Suc11_PrivacySweeper.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Suc12_Uninstal.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Suc13_DiskCleaner.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Suc14_FileShredder.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sun10_ClonedFilesScanner.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sun11_AutoShutdown.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sun12_DiskExplorer.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sun13_SystemInformation.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sun14_EmptyFolderScanner.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sun15_SystemControl.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Suo11_InternetBooster.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Suo12_StartupManager.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Suo13_RegistryDefrag.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Suo14_SmartDefrag.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Suo15_GameBooster.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sur10_Undelete.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sur11_ShortcutFixer.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sur12_DiskDoctor.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sur13_WinFix.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sur14_IEHelper.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sus10_SysExplorer.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sus11_SecurityHolesScanner.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sus12_ProcessManager.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Sus13_DriverManager.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\taskmgr.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\TbFfSweep.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\TbFileSweep.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\ToolBox.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Arabic.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Belarusian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Bulgarian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\ChineseSimp.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\ChineseTrad.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Czech.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Danish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Dutch.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\English.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Finnish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\French.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\German.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Greek.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Hungarian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Italian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\japanese.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Korean.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Polish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Portuguese(PT-BR).lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Portuguese(PT-PT).lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Romanian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Russian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Serbian (cyrillic).lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Serbian (latin).lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Slovenian.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Spanish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Swedish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Turkish.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Vietnamese.lng
c:\program files (x86)\IObit\Advanced SystemCare 5\TurboBoost.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\TurboBoostGame.dbd
c:\program files (x86)\IObit\Advanced SystemCare 5\Undelete.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\unins000.dat
c:\program files (x86)\IObit\Advanced SystemCare 5\unins000.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\unins000.msg
c:\program files (x86)\IObit\Advanced SystemCare 5\UninstallPromote.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\Update History.txt
c:\program files (x86)\IObit\Advanced SystemCare 5\Update\Update.Ini
c:\program files (x86)\IObit\Advanced SystemCare 5\UpdateHistory.txt
c:\program files (x86)\IObit\Advanced SystemCare 5\UPdateTest.log
c:\program files (x86)\IObit\Advanced SystemCare 5\UpgradeTip.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\vcl120.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\vclx120.bpl
c:\program files (x86)\IObit\Advanced SystemCare 5\WebUI.dll
c:\program files (x86)\IObit\Advanced SystemCare 5\Wizard.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\zlibwapi.dll
c:\program files (x86)\Wajam
c:\program files (x86)\Wajam\Updater\WajamUpdater.exe
c:\programdata\Babylon
c:\programdata\IObit
c:\programdata\IObit\Advanced SystemCare V5\AscService.ini
c:\users\Shirley Li\AppData\Local\Wajam
c:\users\Shirley Li\AppData\Local\Wajam\Chrome\wajam.crx
c:\users\Shirley Li\AppData\Roaming\Babylon
c:\users\Shirley Li\AppData\Roaming\Babylon\log_file.txt
c:\users\Shirley Li\AppData\Roaming\IObit
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2012-07-18(09-53-21).reg
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2012-07-23(20-43-24).reg
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup64-2012-07-18(09-53-21).reg
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup64-2012-07-23(20-43-24).reg
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime\Boottime.ini
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime\LastAutoRunList.ini
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\ignore.ini
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\JFilterkey.dbd
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\License.log
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-07-18(09-53-21).txt
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-07-23(20-43-24).txt
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-08-02(21-45-43).txt
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Main.ini
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\PFilterkey.dbd
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\TBGameconfig.ini
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\TBWorkconfig.ini
c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\TurBoost.ini
c:\users\Shirley Li\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-07-19.log
c:\users\Shirley Li\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-07-27.log
c:\users\Shirley Li\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-08-02.log
c:\users\Shirley Li\AppData\Roaming\IObit\IObit Uninstaller\Select.ini
c:\users\Shirley Li\AppData\Roaming\IObit\IObit Uninstaller\SoftwareCache.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdvancedSystemCareService5
-------\Service_WajamUpdater
-------\Service_AdvancedSystemCareService5
-------\Service_WajamUpdater
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 22:51 . 2012-08-07 22:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 16:21 . 2012-08-07 16:21 -------- d-----w- C:\FRST
2012-08-03 00:13 . 2012-08-03 00:13 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\FVD Suite
2012-08-03 00:13 . 2012-08-03 00:13 315 ----a-w- C:\user.js
2012-08-03 00:12 . 2012-08-04 19:42 -------- d-----w- c:\program files (x86)\Shop to Win 36
2012-08-03 00:12 . 2012-08-04 19:42 -------- d-----w- c:\program files (x86)\FVD Suite
2012-07-27 19:09 . 2012-07-29 12:27 -------- d-----w- c:\users\Shirley Li\.emps_cache
2012-07-26 13:15 . 2012-07-26 13:21 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\WhatPulse
2012-07-26 13:15 . 2012-07-26 13:15 -------- d-----w- c:\program files (x86)\WhatPulse
2012-07-24 00:43 . 2012-07-24 00:43 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-24 00:43 . 2012-07-24 00:43 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-24 00:40 . 2012-05-24 14:47 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-19 22:36 . 2012-07-19 22:36 -------- d-----w- c:\programdata\Nexon
2012-07-19 01:16 . 2012-08-04 19:40 -------- d-----w- c:\windows\system32\SPReview
2012-07-19 01:15 . 2012-08-04 19:39 -------- d-----w- c:\windows\system32\EventProviders
2012-07-19 01:14 . 2012-08-04 19:42 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\Rainmeter
2012-07-19 01:12 . 2012-08-04 19:42 -------- d-----w- c:\program files\Rainmeter
2012-07-18 13:39 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-18 13:39 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-07-18 13:39 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-07-18 13:39 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-07-18 13:39 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2012-07-18 13:39 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-07-18 13:39 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-07-18 13:39 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-18 13:39 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-07-18 13:39 . 2010-11-20 12:19 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2012-07-18 13:39 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-07-18 13:37 . 2010-11-20 13:27 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-07-18 13:36 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-07-18 13:35 . 2010-11-20 13:27 25600 ----a-w- c:\windows\system32\msyuv.dll
2012-07-18 13:34 . 2010-11-20 13:27 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2012-07-18 13:33 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-07-18 13:33 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-07-18 13:33 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2012-07-18 13:32 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2012-07-18 13:32 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2012-07-18 13:32 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-07-18 13:32 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-18 13:32 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-07-18 13:28 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-07-18 13:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-18 13:28 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-07-18 13:28 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-07-18 13:28 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-07-18 13:28 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2012-07-18 13:28 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2012-07-18 13:27 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2012-07-18 13:27 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-07-18 13:18 . 2012-08-04 19:39 -------- d-----w- c:\users\Shirley Li\jagexcache
2012-07-18 02:39 . 2012-08-04 19:39 -------- d-----w- c:\windows\system32\BestPractices
2012-07-18 02:39 . 2012-07-18 02:39 -------- d-----w- c:\windows\SysWow64\BestPractices
2012-07-18 02:39 . 2012-08-04 19:37 -------- d-----w- C:\inetpub
2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Shirley Li\Roaming
2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Public\Roaming
2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Default\Roaming
2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\boinc_master\Roaming
2012-07-18 02:06 . 2012-08-04 19:38 -------- d-----w- c:\programdata\Intel
2012-07-18 02:04 . 2012-08-04 19:38 -------- d-----w- c:\program files (x86)\Cisco
2012-07-12 07:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 23:25 . 2012-04-10 17:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 23:25 . 2011-06-12 02:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-19 01:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-19 01:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-12 07:03 . 2011-04-15 14:36 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2011-03-29 13:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-02 22:19 . 2012-06-21 13:52 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 13:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 13:53 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 13:53 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 13:52 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 13:53 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 13:52 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 13:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 13:52 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-13 19:29 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 19:28 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 19:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-07_21.46.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-07 21:16 . 2012-08-07 21:16 18334 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-08-07 22:51 . 2012-08-07 22:51 18334 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-08-07 21:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-07 22:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-07 21:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-07 22:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-07 22:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 21:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-08-07 22:54 36814 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-12 04:16 . 2012-08-07 22:54 16398 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1832576997-1850227395-2609180072-1006_UserData.bin
- 2009-07-14 04:54 . 2012-08-07 21:20 98304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-07 22:53 98304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-12 00:23 . 2012-08-07 22:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-12 00:23 . 2012-08-07 21:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-12 00:23 . 2012-08-07 21:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-12 00:23 . 2012-08-07 22:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-07 22:52 . 2012-08-07 22:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-07 21:17 . 2012-08-07 21:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 22:52 . 2012-08-07 22:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-07 21:17 . 2012-08-07 21:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-12 00:49 . 2012-08-07 22:26 333858 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-09-22 14:51 . 2012-08-07 21:20 114688 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-22 14:51 . 2012-08-07 22:53 114688 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-08-07 22:51 302628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-07 21:16 302628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-22 14:51 . 2012-08-07 22:53 1998848 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-22 14:51 . 2012-08-07 21:20 1998848 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-11 18:35 . 2012-08-07 22:51 27198884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1832576997-1850227395-2609180072-1006-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Shirley Li\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 41160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 116720]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-28 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-28 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-05-01 317440]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:25]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 15:08]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 15:08]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1832576997-1850227395-2609180072-1006Core.job
- c:\users\Shirley Li\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 07:32]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1832576997-1850227395-2609180072-1006UA.job
- c:\users\Shirley Li\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 07:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-01 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-01 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-01 417560]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"combofix"="c:\combofix\CF18777.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
FF - ProfilePath - c:\users\Shirley Li\AppData\Roaming\Mozilla\Firefox\Profiles\ee9fcumt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Advanced SystemCare 5_is1 - c:\program files (x86)\IObit\Advanced SystemCare 5\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\windows\SysWOW64\RunDll32.exe
q:\140062.enu\Office14\ONENOTEM.EXE
c:\program files (x86)\Sony\SmartWi Connection Utility\CCP.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
c:\program files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
.
**************************************************************************
.
Completion time: 2012-08-07 19:01:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 23:01
ComboFix2.txt 2012-08-07 21:49
.
Pre-Run: 370,651,119,616 bytes free
Post-Run: 370,210,508,800 bytes free
.
- - End Of File - - 2F2ED020B3F5F38B47F7AC4CAECAC3AA
-------------------------------------------------------------------------------------------------

ESETScan Log (Not entirely sure if this is the one you're asking for..but I'll post the other one I got, which I'm sure is probably what you're not looking for, but I'm going to post it anyways.)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=172b5e50b7acbf4a8abd52229ff0d34c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-08 01:23:42
# local_time=2012-08-07 09:23:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 11986960 11986960 0 0
# compatibility_mode=5893 16776574 100 94 797370 95924892 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=174635
# found=2
# cleaned=2
# scan_time=7581
C:\Users\Shirley Li\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120310182449411.rsc multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Shirley Li\Downloads\fvdsuite_installer.exe a variant of Win32/InstallCore.AE application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Other Log:

C:\Users\Shirley Li\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120310182449411.rsc multiple threats deleted - quarantined
C:\Users\Shirley Li\Downloads\fvdsuite_installer.exe a variant of Win32/InstallCore.AE application cleaned by deleting - quarantined


Just something I want to say..going through this entire process and all..I find it pathetic, in how/why I even wanted to download 'youtube' videos from youtube and save them as music files on my computer so I could listen to them whenever without having to open youtube.

I know it's a lame excuse and a sign of laziness, but I wholeheartedly thought it was a good idea and all, and so when I searched for an addon like this in firefox, it first directed me to this one downloading tool, but then said I couldn't download these videos to convert them into so and so files, so I had to download another program in order to do so. Yet on the site for this program fvdsuit whatever it's called, it lists how it is "100% SAFE", etc, etc blah blah..boy was this lame..

And to be honest..I think after 40min of installing all this crap on my computer I used the iobit uninstaller to get rid of it all, and even ran an avg scan, and nothing came up. It's just so strange from then to now.

Anyways..sorry if you read this stupid rant of myself contemplating my woes, I just want to thank you for all your help.
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is online now kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,200 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
08-Aug-2012, 01:57 AM #11
Once again CF does not flag the patched file Services.exe. I see the references to it in the AVG history; this is very strange because that is actually the Zeroaccess infection and there should be several associated files, and they are not showing either in the CF scans.

OK to be sure I want you to upload that suspect file for analysis, do the following please:

Upload a File to Virustotal
Please visit
Virustotal
  • Click the Browse... button
  • Navigate to the file C:\Windows\System32\Services.exe or just copy/paste it in.
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Kevin
Ieaysu's Avatar
Ieaysu Ieaysu is offline
Member with 23 posts.
THREAD STARTER
 
Join Date: Aug 2012
08-Aug-2012, 07:26 AM #12
Here is what I just got as I tried what you have just instructed:



Also..something I probably forgot to tell you earlier, and I know..it is the wrong thing to do, but I guess I did it out of desperation. All this was done before I found this forum to post my problem.

I went to my Windows Task Manager, deleted/ended all process files or programs/services that had svchost.exe since there were like 5 of them running all at once.

Also..I remember when I tried to delete / end one of the process trees to one of the svchost.exe thingys..it said I could delete it for some reason and somehow I got around that, by restarting my computer and then deleted it from the Windows Task Manager..again.

So..really I don't know what to do now, I can do a scan of the other things that pop up when I search for service(s) in system 32.

Log:

SHA256: 00d8538999941044286c2ad69600b4c158dbc7a1da6546b49f73327cbb5c3453 SHA1: 8c861a73b23b92e0cae74aa275c4029bdcf1ec77 MD5: 7a1d35f59468b8118af5b8e21df78ae2 File size: 90.6 KB ( 92745 bytes ) File name: services.msc File type: XML Detection ratio: 0 / 42 Analysis date: 2012-08-08 11:20:42 UTC ( 0 minutes ago )
Yeah..the thing above is the best thing I can find that is the closest match for any service(s) file in system 32

I think the problem now I have to deal with is not having 'services.exe' and that I have to re-install it again, but I am not entirely sure if this is the case so I just wanted to let you know that I have already enabled to view hidden folders, files, etc from tools>view in a folder in system32.

Alright, thanks again Kevin

Last edited by Ieaysu; 08-Aug-2012 at 10:54 AM..
Mark1956's Avatar
Malware Removal Specialist with 12,420 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
08-Aug-2012, 01:58 PM #13
Hi Ieaysu, my name is Mark and I am jumping in to help you while Kevin is unavailable.

You cannot delete processes using Task Manager; you can only stop them from running. After a reboot the processes will start again, so you will have done no harm.

Running the scan on the wrong file does not tell us anything; Services.msc and Services.exe are not the same.

Follow these instructions to find the services.exe file and post the result.


Please download SystemLook for your operating system from one of the links below and save it to your Desktop.
  • Double-click SystemLook.exe to run it.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • Copy and paste everything in the codebox below into the main textfield:
    Code:
    :filefind
    services.exe
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
  • Please copy and paste the contents of that log in your next reply.
Ieaysu's Avatar
Ieaysu Ieaysu is offline
Member with 23 posts.
THREAD STARTER
 
Join Date: Aug 2012
08-Aug-2012, 02:28 PM #14
Hey Mark!

Thanks for the help and the clarification, I've been waiting all day lol and it's just that this problem has been driving me nuts so I've been just checking on my phone browser like every hour or so.

Anyways, here is the log I produced:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:24 on 08/08/2012 by Shirley Li
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\erdnt\cache64\services.exe --a---- 328704 bytes [21:47 07/08/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-
Mark1956's Avatar
Malware Removal Specialist with 12,420 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
08-Aug-2012, 03:05 PM #15
That result shows that the services.exe file is fine, this adds a bit more confusion to the situation as it is not clear why AVG should see it as an infection.

Please run another scan with AVG and tell me what, if anything, it detects.
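The check Mark made by eye on the SystemLook result (the live System32 services.exe sharing its MD5 with the winsxs and erdnt copies) can be scripted; this is an added example, not code from the thread, from SystemLook or from ComboFix, and it assumes an elevated PowerShell 4.0 or later prompt so that Get-FileHash is available.

```powershell
# Added example, not part of the thread or of SystemLook: hash every on-disk
# copy of services.exe and report whether the live System32 copy shares its
# hash with at least one other copy. Catalog-signed system files often report
# NotSigned to Get-AuthenticodeSignature on older PowerShell, so the hash
# comparison is used here instead of a signature check.

function Get-ServicesExeCopies {
    param(
        # Roots matching the locations SystemLook listed in the thread; erdnt
        # holds the backup ComboFix keeps of the file (constructed default list).
        [string[]]$SearchRoots = @(
            "$env:SystemRoot\System32",
            "$env:SystemRoot\winsxs",
            "$env:SystemRoot\erdnt"
        )
    )
    foreach ($Root in $SearchRoots) {
        if (-not (Test-Path -LiteralPath $Root)) { continue }
        Get-ChildItem -LiteralPath $Root -Filter 'services.exe' -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Path = $_.FullName
                    Size = $_.Length
                    MD5  = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash
                }
            }
    }
}

function Test-ServicesExeConsistent {
    param([Parameter(Mandatory)][object[]]$Copies)
    # winsxs keeps one copy per servicing level, so the expected picture is one
    # hash shared by the live System32 file and at least one winsxs copy.
    $ByHash = $Copies | Group-Object -Property MD5
    $Live   = $Copies | Where-Object { $_.Path -like "$env:SystemRoot\System32\services.exe" }
    $Peers  = $Copies | Where-Object { $_.MD5 -eq $Live.MD5 -and $_.Path -ne $Live.Path }
    [pscustomobject]@{
        LiveMD5        = $Live.MD5
        DistinctHashes = $ByHash.Count
        LiveHasPeer    = [bool]$Peers   # $false: the System32 copy is unique, investigate it
    }
}

$Copies = Get-ServicesExeCopies
$Copies | Format-Table -AutoSize
Test-ServicesExeConsistent -Copies $Copies
```

A System32 copy whose hash matches no winsxs or erdnt copy is the one to submit for analysis, as Kevin asked above; a shared hash, as in this thread's log, means the file has not been patched.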